11241100x80000000000000003843858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6110d054f8b57e32021-12-22 11:44:11.442root 11241100x80000000000000003843859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c437f3984b093b0c2021-12-22 11:44:11.443root 11241100x80000000000000003843860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8a4e87a30e7d772021-12-22 11:44:11.443root 11241100x80000000000000003843861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddaec4115f1db832021-12-22 11:44:11.942root 11241100x80000000000000003843862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd41cca079d2cd1c2021-12-22 11:44:11.943root 11241100x80000000000000003843863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05756f35b447e912021-12-22 11:44:11.943root 354300x80000000000000003843864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.035{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55380-false10.0.1.12-8000- 11241100x80000000000000003843865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9207f818b6fad2882021-12-22 11:44:12.442root 11241100x80000000000000003843866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7d0d054d7295ce2021-12-22 11:44:12.443root 11241100x80000000000000003843867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554a92c709e904822021-12-22 11:44:12.443root 11241100x80000000000000003843868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dd869226f0d5172021-12-22 11:44:12.443root 11241100x80000000000000003843869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd71e60f6d9c3b2021-12-22 11:44:12.942root 11241100x80000000000000003843870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb53d7d284d6e8c2021-12-22 11:44:12.943root 11241100x80000000000000003843871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce3fef7b75dc1312021-12-22 11:44:12.943root 11241100x80000000000000003843872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f165647bad4a6c2021-12-22 11:44:12.943root 11241100x80000000000000003843873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5695e2b2ab7fbfe62021-12-22 11:44:13.442root 11241100x80000000000000003843874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd15f593f8dece532021-12-22 11:44:13.443root 11241100x80000000000000003843875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf3e548e62e85292021-12-22 11:44:13.443root 11241100x80000000000000003843876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069455e8731396e52021-12-22 11:44:13.443root 11241100x80000000000000003843877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17ae20cfa971b72021-12-22 11:44:13.942root 11241100x80000000000000003843878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e87317290264452021-12-22 11:44:13.943root 11241100x80000000000000003843879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e42a6315f368c22021-12-22 11:44:13.943root 11241100x80000000000000003843880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1084707e993029d2021-12-22 11:44:13.943root 11241100x80000000000000003843881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca20c99f8de6adb52021-12-22 11:44:14.442root 11241100x80000000000000003843882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ce9134a2f39f162021-12-22 11:44:14.443root 11241100x80000000000000003843883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ee3774a6e130f2021-12-22 11:44:14.443root 11241100x80000000000000003843884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faadad2d66d1a5cb2021-12-22 11:44:14.443root 11241100x80000000000000003843885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2fb2edcbfd909c2021-12-22 11:44:14.942root 11241100x80000000000000003843886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed984c3879d7534b2021-12-22 11:44:14.943root 11241100x80000000000000003843887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9940e11ebaa19552021-12-22 11:44:14.943root 11241100x80000000000000003843888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d18d97043dd889e2021-12-22 11:44:14.943root 11241100x80000000000000003843889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f189146c3fce4b0a2021-12-22 11:44:15.443root 11241100x80000000000000003843890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3559f02cfd034e0c2021-12-22 11:44:15.443root 11241100x80000000000000003843891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e6037795a2b2112021-12-22 11:44:15.443root 11241100x80000000000000003843892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f7a974559e5c172021-12-22 11:44:15.443root 11241100x80000000000000003843893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2502dec95911fe522021-12-22 11:44:15.943root 11241100x80000000000000003843894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfc90d94bd77c902021-12-22 11:44:15.943root 11241100x80000000000000003843895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc79828c4c06b972021-12-22 11:44:15.944root 11241100x80000000000000003843896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87626b563a74d6452021-12-22 11:44:15.944root 534500x80000000000000003843897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.427{00000000-0000-0000-0000-000000000000}18927<unknown process>root 11241100x80000000000000003843898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf95f894b0a769352021-12-22 11:44:16.428root 11241100x80000000000000003843899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c53f195f4179032021-12-22 11:44:16.428root 11241100x80000000000000003843900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1565cc4fc17bab62021-12-22 11:44:16.428root 11241100x80000000000000003843901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dda25eb3ee880f2021-12-22 11:44:16.428root 11241100x80000000000000003843902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.428{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55a1919cb6f89aa2021-12-22 11:44:16.428root 11241100x80000000000000003843903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70defbc4df6cfff22021-12-22 11:44:16.693root 11241100x80000000000000003843904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825c41a0756ad9282021-12-22 11:44:16.693root 11241100x80000000000000003843905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883f1cedf771d8cc2021-12-22 11:44:16.693root 11241100x80000000000000003843906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1ddf05b6f44e2f2021-12-22 11:44:16.693root 11241100x80000000000000003843907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f32918f957bb132021-12-22 11:44:16.693root 11241100x80000000000000003843908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7954caa4d2f6ecb42021-12-22 11:44:17.192root 11241100x80000000000000003843909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d749fa7167b7d2132021-12-22 11:44:17.193root 11241100x80000000000000003843910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b49d8572549ef8a2021-12-22 11:44:17.193root 11241100x80000000000000003843911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd41d65ca90f4f32021-12-22 11:44:17.193root 11241100x80000000000000003843912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3765867a015bf66a2021-12-22 11:44:17.193root 354300x80000000000000003843913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.200{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55382-false10.0.1.12-8000- 11241100x80000000000000003843914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f46c144edec59f22021-12-22 11:44:17.693root 11241100x80000000000000003843915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9a49629f83a9fd2021-12-22 11:44:17.693root 11241100x80000000000000003843916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b102394c8847b7152021-12-22 11:44:17.693root 11241100x80000000000000003843917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67809387a355c3f82021-12-22 11:44:17.693root 11241100x80000000000000003843918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae7f4a86902904b2021-12-22 11:44:17.693root 11241100x80000000000000003843919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2a0edb856bbb202021-12-22 11:44:17.693root 11241100x80000000000000003843920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0908d3bfbb04eb252021-12-22 11:44:18.193root 11241100x80000000000000003843921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a7cdc6baaa8bf52021-12-22 11:44:18.193root 11241100x80000000000000003843922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea31b27b5f8621242021-12-22 11:44:18.193root 11241100x80000000000000003843923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56191bfcf96c6c042021-12-22 11:44:18.193root 11241100x80000000000000003843924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c6b575a07e3a7e2021-12-22 11:44:18.193root 11241100x80000000000000003843925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d80d47e88060f0a2021-12-22 11:44:18.193root 11241100x80000000000000003843926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb51c3d5a09db61b2021-12-22 11:44:18.693root 11241100x80000000000000003843927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c433414685f6a33e2021-12-22 11:44:18.693root 11241100x80000000000000003843928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f6329f310b4be82021-12-22 11:44:18.693root 11241100x80000000000000003843929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78243882d160b42021-12-22 11:44:18.693root 11241100x80000000000000003843930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae170832af8e14652021-12-22 11:44:18.693root 11241100x80000000000000003843931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd5a00200ebc5212021-12-22 11:44:18.693root 11241100x80000000000000003843932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b900a2f5e0cd59e2021-12-22 11:44:19.193root 11241100x80000000000000003843933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56c2055d6a64c162021-12-22 11:44:19.193root 11241100x80000000000000003843934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e302e5b984c1ad2021-12-22 11:44:19.193root 11241100x80000000000000003843935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628c19810739bb682021-12-22 11:44:19.193root 11241100x80000000000000003843936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d4a1545516f6532021-12-22 11:44:19.193root 11241100x80000000000000003843937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a923a6b1d84e3ff2021-12-22 11:44:19.193root 11241100x80000000000000003843938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275af0e8422d6c942021-12-22 11:44:19.693root 11241100x80000000000000003843939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5481e8687d1ab32021-12-22 11:44:19.693root 11241100x80000000000000003843940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753cd4cd6be5ec382021-12-22 11:44:19.693root 11241100x80000000000000003843941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d88abf763c114972021-12-22 11:44:19.693root 11241100x80000000000000003843942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91023541cecb8ae52021-12-22 11:44:19.693root 11241100x80000000000000003843943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9442648b62d8593c2021-12-22 11:44:19.693root 11241100x80000000000000003843944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51eb76a097216672021-12-22 11:44:20.193root 11241100x80000000000000003843945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c1f6167f6b571b2021-12-22 11:44:20.193root 11241100x80000000000000003843946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2760ebd64c90ceaa2021-12-22 11:44:20.193root 11241100x80000000000000003843947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644200bd11c50b2d2021-12-22 11:44:20.193root 11241100x80000000000000003843948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621248cabb75b1572021-12-22 11:44:20.193root 11241100x80000000000000003843949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c0bd9362a35d952021-12-22 11:44:20.193root 11241100x80000000000000003843950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1be721697d220f2021-12-22 11:44:20.693root 11241100x80000000000000003843951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3a04e33c17b0d72021-12-22 11:44:20.693root 11241100x80000000000000003843952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb41ebadd25022532021-12-22 11:44:20.693root 11241100x80000000000000003843953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39a8e5008a17edd2021-12-22 11:44:20.693root 11241100x80000000000000003843954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be17e2098bdda7ef2021-12-22 11:44:20.693root 11241100x80000000000000003843955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55104dbc36c410522021-12-22 11:44:20.693root 11241100x80000000000000003843956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9b1c1d36f70bee2021-12-22 11:44:21.193root 11241100x80000000000000003843957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a496c58aaff0c79b2021-12-22 11:44:21.193root 11241100x80000000000000003843958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41212437176e0d042021-12-22 11:44:21.193root 11241100x80000000000000003843959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f6adf7c89f9bde2021-12-22 11:44:21.193root 11241100x80000000000000003843960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e8ad108813bcac2021-12-22 11:44:21.193root 11241100x80000000000000003843961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad49df3b1333872c2021-12-22 11:44:21.193root 11241100x80000000000000003843962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09c2980ce16a3892021-12-22 11:44:21.693root 11241100x80000000000000003843963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d4b42ced8bcefe2021-12-22 11:44:21.693root 11241100x80000000000000003843964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb921099162b968c2021-12-22 11:44:21.693root 11241100x80000000000000003843965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb20532f1ee2381c2021-12-22 11:44:21.693root 11241100x80000000000000003843966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7769a9949cacb572021-12-22 11:44:21.693root 11241100x80000000000000003843967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1566235341e7bfb42021-12-22 11:44:21.693root 11241100x80000000000000003843968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f204ffa0e0e1ddb2021-12-22 11:44:22.193root 11241100x80000000000000003843969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfd1f5f63132fc12021-12-22 11:44:22.193root 11241100x80000000000000003843970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac66b5671d3f822021-12-22 11:44:22.193root 11241100x80000000000000003843971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08143758ba384e562021-12-22 11:44:22.193root 11241100x80000000000000003843972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a089b48011b9be92021-12-22 11:44:22.193root 11241100x80000000000000003843973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22616879c12887b92021-12-22 11:44:22.193root 11241100x80000000000000003843974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497c72a2bbe4b8cf2021-12-22 11:44:22.693root 11241100x80000000000000003843975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3068e4d9806724d2021-12-22 11:44:22.693root 11241100x80000000000000003843976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5661b11a5ef981b82021-12-22 11:44:22.693root 11241100x80000000000000003843977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc9cfb5ea23f2c12021-12-22 11:44:22.693root 11241100x80000000000000003843978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29368c9d4320a3512021-12-22 11:44:22.693root 11241100x80000000000000003843979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9cb7109f789dc22021-12-22 11:44:22.693root 354300x80000000000000003843980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.162{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55384-false10.0.1.12-8000- 11241100x80000000000000003843981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df6cfb2ed2ac6f22021-12-22 11:44:23.163root 11241100x80000000000000003843982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc892a1fd69728af2021-12-22 11:44:23.163root 11241100x80000000000000003843983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20251bb6a716b6af2021-12-22 11:44:23.164root 11241100x80000000000000003843984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4500a3d51d39d80a2021-12-22 11:44:23.164root 11241100x80000000000000003843985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463ec48a1010c18e2021-12-22 11:44:23.164root 11241100x80000000000000003843986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f2903b87948c882021-12-22 11:44:23.164root 11241100x80000000000000003843987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645e486a1c5290972021-12-22 11:44:23.164root 11241100x80000000000000003843988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9501e17dc272b62021-12-22 11:44:23.443root 11241100x80000000000000003843989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bffc6d6d8068832021-12-22 11:44:23.443root 11241100x80000000000000003843990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c305f5c24de8cbb2021-12-22 11:44:23.443root 11241100x80000000000000003843991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ebc058e4e81ad5f2021-12-22 11:44:23.443root 11241100x80000000000000003843992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10efc78c2b001a8c2021-12-22 11:44:23.443root 11241100x80000000000000003843993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7626cc484ba4a1102021-12-22 11:44:23.443root 11241100x80000000000000003843994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3d8569aca611b42021-12-22 11:44:23.443root 11241100x80000000000000003843995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40913b6ee56acc432021-12-22 11:44:23.942root 11241100x80000000000000003843996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1928c775c65bc1e2021-12-22 11:44:23.943root 11241100x80000000000000003843997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4e3c955ccde40c2021-12-22 11:44:23.943root 11241100x80000000000000003843998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc7ba5f0259a6072021-12-22 11:44:23.943root 11241100x80000000000000003843999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c3a42b781ca7b82021-12-22 11:44:23.943root 11241100x80000000000000003844000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dfae3336a894d92021-12-22 11:44:23.943root 11241100x80000000000000003844001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efabf0405c6f927f2021-12-22 11:44:23.943root 11241100x80000000000000003844002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcb9eee2389eed82021-12-22 11:44:24.443root 11241100x80000000000000003844003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3a5a2bc0f69d962021-12-22 11:44:24.443root 11241100x80000000000000003844004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c82a2c780a6f8f22021-12-22 11:44:24.443root 11241100x80000000000000003844005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595572309a9da76a2021-12-22 11:44:24.443root 11241100x80000000000000003844006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ff6d93a431092a2021-12-22 11:44:24.443root 11241100x80000000000000003844007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e09a5ba5aef4a02021-12-22 11:44:24.443root 11241100x80000000000000003844008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba665f1f73394f362021-12-22 11:44:24.443root 11241100x80000000000000003844009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52baa89d1e4349862021-12-22 11:44:24.943root 11241100x80000000000000003844010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ceb6989d1aaafa2021-12-22 11:44:24.943root 11241100x80000000000000003844011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e10880c0181e0b82021-12-22 11:44:24.943root 11241100x80000000000000003844012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f5be265820b2142021-12-22 11:44:24.943root 11241100x80000000000000003844013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b821bc3e5e31e38b2021-12-22 11:44:24.943root 11241100x80000000000000003844014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fb38ca9895e7a92021-12-22 11:44:24.943root 11241100x80000000000000003844015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc11365e62aa27df2021-12-22 11:44:24.943root 11241100x80000000000000003844016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1cddc72f6d58b82021-12-22 11:44:25.443root 11241100x80000000000000003844017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa241cc71b54b372021-12-22 11:44:25.443root 11241100x80000000000000003844018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256d8ffbc666852c2021-12-22 11:44:25.443root 11241100x80000000000000003844019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461b448b46d4dbe12021-12-22 11:44:25.443root 11241100x80000000000000003844020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0654e5a53451cc942021-12-22 11:44:25.443root 11241100x80000000000000003844021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e752a64c322a8a52021-12-22 11:44:25.443root 11241100x80000000000000003844022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e2d4f9f2de785b2021-12-22 11:44:25.443root 11241100x80000000000000003844023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c8b192e4ec816a2021-12-22 11:44:25.943root 11241100x80000000000000003844024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289828bd76a5afab2021-12-22 11:44:25.943root 11241100x80000000000000003844025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612adf4d173161c62021-12-22 11:44:25.943root 11241100x80000000000000003844026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1fcf53744094672021-12-22 11:44:25.943root 11241100x80000000000000003844027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01d2e0af4e505252021-12-22 11:44:25.943root 11241100x80000000000000003844028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5dd6811aeaae7e2021-12-22 11:44:25.943root 11241100x80000000000000003844029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377c48a5d0f6d2c12021-12-22 11:44:25.943root 11241100x80000000000000003844030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67392a6323b912392021-12-22 11:44:26.443root 11241100x80000000000000003844031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885ee4a9482ea0362021-12-22 11:44:26.443root 11241100x80000000000000003844032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae62cd567ff7c872021-12-22 11:44:26.443root 11241100x80000000000000003844033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb4c3acb8eb8f672021-12-22 11:44:26.443root 11241100x80000000000000003844034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2e6a2ab23b65132021-12-22 11:44:26.443root 11241100x80000000000000003844035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fec4f37bd448ff92021-12-22 11:44:26.443root 11241100x80000000000000003844036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d22d3f61dc86562021-12-22 11:44:26.443root 11241100x80000000000000003844037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8bc58e3ab427432021-12-22 11:44:26.943root 11241100x80000000000000003844038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7220a96ad296ab8d2021-12-22 11:44:26.943root 11241100x80000000000000003844039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ad94c23734c0d82021-12-22 11:44:26.943root 11241100x80000000000000003844040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b70e2de99d1c71f2021-12-22 11:44:26.943root 11241100x80000000000000003844041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbc4720524c827c2021-12-22 11:44:26.943root 11241100x80000000000000003844042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbf31a3d9622c872021-12-22 11:44:26.943root 11241100x80000000000000003844043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440ed68f1dba692f2021-12-22 11:44:26.943root 11241100x80000000000000003844044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148cb611eba0f66b2021-12-22 11:44:27.443root 11241100x80000000000000003844045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0503b8fdef8088c02021-12-22 11:44:27.443root 11241100x80000000000000003844046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c876e80c57e3d72021-12-22 11:44:27.443root 11241100x80000000000000003844047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca55926d40c3d47c2021-12-22 11:44:27.443root 11241100x80000000000000003844048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3091e29bc1b8edc12021-12-22 11:44:27.443root 11241100x80000000000000003844049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761f03b236a5c0242021-12-22 11:44:27.443root 11241100x80000000000000003844050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e9bcf19c22cfec2021-12-22 11:44:27.443root 11241100x80000000000000003844051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5507b48d2cfcda2021-12-22 11:44:27.943root 11241100x80000000000000003844052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a0440d5ef393662021-12-22 11:44:27.943root 11241100x80000000000000003844053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db9af83902c6ae62021-12-22 11:44:27.943root 11241100x80000000000000003844054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888736ca5521288d2021-12-22 11:44:27.943root 11241100x80000000000000003844055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710c729ebbfc6fcb2021-12-22 11:44:27.944root 11241100x80000000000000003844056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0234338b0a302282021-12-22 11:44:27.944root 11241100x80000000000000003844057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1db06d89cf88fe2021-12-22 11:44:27.944root 11241100x80000000000000003844058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18afc11b6b75c9392021-12-22 11:44:28.443root 11241100x80000000000000003844059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b7c3f9f0a3259d2021-12-22 11:44:28.443root 11241100x80000000000000003844060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bff035b8537ea7c2021-12-22 11:44:28.443root 11241100x80000000000000003844061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0da33f87b706872021-12-22 11:44:28.443root 11241100x80000000000000003844062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee20387dbc90877f2021-12-22 11:44:28.443root 11241100x80000000000000003844063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946faaaef98b92cf2021-12-22 11:44:28.443root 11241100x80000000000000003844064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d991cf8438099cc2021-12-22 11:44:28.443root 154100x80000000000000003844065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.575{ec2b6afe-0f9c-61c3-6864-dd3501560000}19052/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003844066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.585{ec2b6afe-0f9c-61c3-6864-dd3501560000}19052/bin/psroot 11241100x80000000000000003844067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8a775c71fe905f2021-12-22 11:44:28.943root 11241100x80000000000000003844068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92adae8788097ff42021-12-22 11:44:28.943root 11241100x80000000000000003844069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad3c9921d0e65a32021-12-22 11:44:28.943root 11241100x80000000000000003844070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef7cee2035ffc712021-12-22 11:44:28.943root 11241100x80000000000000003844071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd76a1f54689c90b2021-12-22 11:44:28.943root 11241100x80000000000000003844072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f6ed1cb4dbba9e2021-12-22 11:44:28.943root 11241100x80000000000000003844073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1624c7df81f14b992021-12-22 11:44:28.943root 11241100x80000000000000003844074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49681bcf796754932021-12-22 11:44:28.943root 11241100x80000000000000003844075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3587c49c8bbfc7c2021-12-22 11:44:28.944root 354300x80000000000000003844076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.031{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55386-false10.0.1.12-8000- 11241100x80000000000000003844077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34375a6f439798322021-12-22 11:44:29.443root 11241100x80000000000000003844078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6aa44ebe8eefc422021-12-22 11:44:29.443root 11241100x80000000000000003844079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5294d861b9498fb2021-12-22 11:44:29.443root 11241100x80000000000000003844080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cf043fc000397a2021-12-22 11:44:29.443root 11241100x80000000000000003844081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9134413454621a312021-12-22 11:44:29.443root 11241100x80000000000000003844082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060b203f5633d8cb2021-12-22 11:44:29.443root 11241100x80000000000000003844083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca804a7f35266d12021-12-22 11:44:29.443root 11241100x80000000000000003844084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0395d289c62710bf2021-12-22 11:44:29.444root 11241100x80000000000000003844085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6c302cb8208be32021-12-22 11:44:29.444root 11241100x80000000000000003844086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6426e52e1b4c372021-12-22 11:44:29.444root 11241100x80000000000000003844087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1112d70f0378b32021-12-22 11:44:29.943root 11241100x80000000000000003844088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b74a7818cf395d92021-12-22 11:44:29.943root 11241100x80000000000000003844089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da93f4a379bd8fde2021-12-22 11:44:29.943root 11241100x80000000000000003844090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cd73999131c2702021-12-22 11:44:29.943root 11241100x80000000000000003844091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebdf933bf6b77b72021-12-22 11:44:29.944root 11241100x80000000000000003844092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ccbe88c33a40492021-12-22 11:44:29.944root 11241100x80000000000000003844093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43c4241ba12e5ba2021-12-22 11:44:29.944root 11241100x80000000000000003844094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f6640309c9131f2021-12-22 11:44:29.944root 11241100x80000000000000003844095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3521b47d6303102021-12-22 11:44:29.944root 11241100x80000000000000003844096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f798d7ceba9d5c72021-12-22 11:44:29.944root 11241100x80000000000000003844097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe061f65e62c24a2021-12-22 11:44:30.443root 11241100x80000000000000003844098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a80d16bf7a325b92021-12-22 11:44:30.443root 11241100x80000000000000003844099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8fc6bf253def42021-12-22 11:44:30.443root 11241100x80000000000000003844100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e85f85377a2e3dd2021-12-22 11:44:30.443root 11241100x80000000000000003844101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d60f0c632372bae2021-12-22 11:44:30.443root 11241100x80000000000000003844102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877a0a5b0772ce232021-12-22 11:44:30.443root 11241100x80000000000000003844103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709fa032a9d5256f2021-12-22 11:44:30.443root 11241100x80000000000000003844104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aceba5f27391732021-12-22 11:44:30.443root 11241100x80000000000000003844105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab570cd665639442021-12-22 11:44:30.444root 11241100x80000000000000003844106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bb980ebaa4078b2021-12-22 11:44:30.444root 11241100x80000000000000003844107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888d5069d34bbf842021-12-22 11:44:30.943root 11241100x80000000000000003844108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d856391c5057d932021-12-22 11:44:30.943root 11241100x80000000000000003844109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baa40bf3565795e2021-12-22 11:44:30.943root 11241100x80000000000000003844110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f444502b38f8fc422021-12-22 11:44:30.943root 11241100x80000000000000003844111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5aec1c734e614e2021-12-22 11:44:30.943root 11241100x80000000000000003844112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cacb4a5acc2d9b32021-12-22 11:44:30.944root 11241100x80000000000000003844113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb3066991f201ef2021-12-22 11:44:30.944root 11241100x80000000000000003844114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fba1bdca499dbb2021-12-22 11:44:30.944root 11241100x80000000000000003844115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cad70667cec00962021-12-22 11:44:30.944root 11241100x80000000000000003844116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0841938984f9276b2021-12-22 11:44:30.944root 11241100x80000000000000003844117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a405135dba09f3452021-12-22 11:44:31.443root 11241100x80000000000000003844118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e72571e6363eea2021-12-22 11:44:31.443root 11241100x80000000000000003844119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf21385fc4fda7d2021-12-22 11:44:31.443root 11241100x80000000000000003844120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a09c88c0d9bca2021-12-22 11:44:31.443root 11241100x80000000000000003844121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d5134714dc263a2021-12-22 11:44:31.443root 11241100x80000000000000003844122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d222165695ec40e22021-12-22 11:44:31.443root 11241100x80000000000000003844123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed4c5346ea499552021-12-22 11:44:31.443root 11241100x80000000000000003844124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c184c8056df3442021-12-22 11:44:31.444root 11241100x80000000000000003844125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637d64a0268051c82021-12-22 11:44:31.444root 11241100x80000000000000003844126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d04a329290eefe22021-12-22 11:44:31.444root 11241100x80000000000000003844127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc79569ab617e7c2021-12-22 11:44:31.943root 11241100x80000000000000003844128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7703466cb991ec572021-12-22 11:44:31.943root 11241100x80000000000000003844129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12be97d1e7525542021-12-22 11:44:31.943root 11241100x80000000000000003844130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d8fce8ef790e4b2021-12-22 11:44:31.943root 11241100x80000000000000003844131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cc41ce5ed6b83b2021-12-22 11:44:31.944root 11241100x80000000000000003844132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef4cd90494c171b2021-12-22 11:44:31.944root 11241100x80000000000000003844133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29776bc7816a66db2021-12-22 11:44:31.944root 11241100x80000000000000003844134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da9eddc4256971c2021-12-22 11:44:31.944root 11241100x80000000000000003844135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19d7f951857b3ac2021-12-22 11:44:31.944root 11241100x80000000000000003844136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596ac699fe361ad22021-12-22 11:44:31.944root 11241100x80000000000000003844137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd5a253fa7f9ad52021-12-22 11:44:32.443root 11241100x80000000000000003844138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcecbaf824a26c272021-12-22 11:44:32.443root 11241100x80000000000000003844139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fa300a1fdffe5a2021-12-22 11:44:32.443root 11241100x80000000000000003844140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f41377483f084b2021-12-22 11:44:32.443root 11241100x80000000000000003844141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477ce24f8b484cb52021-12-22 11:44:32.443root 11241100x80000000000000003844142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff445ed2b13c17772021-12-22 11:44:32.443root 11241100x80000000000000003844143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c8abc7247997702021-12-22 11:44:32.443root 11241100x80000000000000003844144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d32b6a96cc42482021-12-22 11:44:32.444root 11241100x80000000000000003844145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17321e6ce13b8a482021-12-22 11:44:32.444root 11241100x80000000000000003844146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702df003bf078af62021-12-22 11:44:32.444root 11241100x80000000000000003844147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160911f8ddc1dd1c2021-12-22 11:44:32.943root 11241100x80000000000000003844148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15c03a9b85614c82021-12-22 11:44:32.943root 11241100x80000000000000003844149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892cb5837de326432021-12-22 11:44:32.943root 11241100x80000000000000003844150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f0ecdfed33b2732021-12-22 11:44:32.943root 11241100x80000000000000003844151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b432508854c1e32021-12-22 11:44:32.944root 11241100x80000000000000003844152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f31da0356083082021-12-22 11:44:32.944root 11241100x80000000000000003844153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5874a4e0ecf942a2021-12-22 11:44:32.944root 11241100x80000000000000003844154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22af040c8081ee42021-12-22 11:44:32.944root 11241100x80000000000000003844155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d9dd900eb843002021-12-22 11:44:32.944root 11241100x80000000000000003844156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575be0b395b2fcd2021-12-22 11:44:32.944root 11241100x80000000000000003844157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:44:33.145root 11241100x80000000000000003844158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cef051687c94b52021-12-22 11:44:33.443root 11241100x80000000000000003844159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c14b3e0952d9512021-12-22 11:44:33.443root 11241100x80000000000000003844160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1764f0c45924b3992021-12-22 11:44:33.443root 11241100x80000000000000003844161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86f4b0e1604a4502021-12-22 11:44:33.443root 11241100x80000000000000003844162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861895b5ca7801412021-12-22 11:44:33.443root 11241100x80000000000000003844163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacc7a1e258069ad2021-12-22 11:44:33.443root 11241100x80000000000000003844164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edc83dbab6338502021-12-22 11:44:33.444root 11241100x80000000000000003844165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97eef5d2c849db62021-12-22 11:44:33.444root 11241100x80000000000000003844166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491bf07aa4f860052021-12-22 11:44:33.444root 11241100x80000000000000003844167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8e0895837b075e2021-12-22 11:44:33.444root 11241100x80000000000000003844168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5367c0d1856b76ae2021-12-22 11:44:33.444root 11241100x80000000000000003844169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c0975d1e55c222021-12-22 11:44:33.943root 11241100x80000000000000003844170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42801286f97014b82021-12-22 11:44:33.943root 11241100x80000000000000003844171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36aa07ccd50f842021-12-22 11:44:33.943root 11241100x80000000000000003844172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9598c4048bff522021-12-22 11:44:33.943root 11241100x80000000000000003844173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a88046c580eaea2021-12-22 11:44:33.943root 11241100x80000000000000003844174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93163f27cda772ba2021-12-22 11:44:33.943root 11241100x80000000000000003844175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8428dabaff8feb2021-12-22 11:44:33.943root 11241100x80000000000000003844176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5134399a871e022021-12-22 11:44:33.943root 11241100x80000000000000003844177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0511dc81df0ffdcf2021-12-22 11:44:33.943root 11241100x80000000000000003844178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571ecd498a1336af2021-12-22 11:44:33.943root 11241100x80000000000000003844179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3a530be28e26a92021-12-22 11:44:33.943root 354300x80000000000000003844180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:33.944{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42452-false10.0.1.12-8089- 354300x80000000000000003844181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.101{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55390-false10.0.1.12-8000- 11241100x80000000000000003844182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f4611c56e0d6612021-12-22 11:44:34.443root 11241100x80000000000000003844183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b29bfdfc3c19c2021-12-22 11:44:34.443root 11241100x80000000000000003844184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07fd45269d2ec02021-12-22 11:44:34.443root 11241100x80000000000000003844185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3137a990a4340a12021-12-22 11:44:34.443root 11241100x80000000000000003844186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a418fbe76c81fb2021-12-22 11:44:34.444root 11241100x80000000000000003844187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8a98de2ddc4e8b2021-12-22 11:44:34.444root 11241100x80000000000000003844188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bae19d4d89d96102021-12-22 11:44:34.444root 11241100x80000000000000003844189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2debc789b9d5222021-12-22 11:44:34.444root 11241100x80000000000000003844190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4951b44dc10efb2021-12-22 11:44:34.444root 11241100x80000000000000003844191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7abad6a2c033d2021-12-22 11:44:34.444root 11241100x80000000000000003844192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a6e8e4d031bdc32021-12-22 11:44:34.444root 11241100x80000000000000003844193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aae230b02e1d8c2021-12-22 11:44:34.444root 11241100x80000000000000003844194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73872bf4b3eac6182021-12-22 11:44:34.445root 11241100x80000000000000003844195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae0f4b9b95294852021-12-22 11:44:34.943root 11241100x80000000000000003844196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f839fdbf43fdb92021-12-22 11:44:34.943root 11241100x80000000000000003844197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb7d80e26a765442021-12-22 11:44:34.943root 11241100x80000000000000003844198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf985ec825ee51442021-12-22 11:44:34.943root 11241100x80000000000000003844199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a72c8a534f90822021-12-22 11:44:34.943root 11241100x80000000000000003844200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a818ccd02dc4922021-12-22 11:44:34.943root 11241100x80000000000000003844201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed15289a005de46f2021-12-22 11:44:34.943root 11241100x80000000000000003844202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2b4c5eaf2fd2502021-12-22 11:44:34.943root 11241100x80000000000000003844203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea2097aeecc58612021-12-22 11:44:34.943root 11241100x80000000000000003844204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09e3ead9ee51f4e2021-12-22 11:44:34.944root 11241100x80000000000000003844205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da017db65b17ed3b2021-12-22 11:44:34.944root 11241100x80000000000000003844206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44af7d2d0366a1272021-12-22 11:44:34.944root 11241100x80000000000000003844207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960328a0d6ca20322021-12-22 11:44:34.944root 11241100x80000000000000003844208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba883f935fb06d692021-12-22 11:44:35.443root 11241100x80000000000000003844209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0399b6721fc5332021-12-22 11:44:35.443root 11241100x80000000000000003844210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07348c4b6e209b462021-12-22 11:44:35.443root 11241100x80000000000000003844211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942c3a0dca9d1eab2021-12-22 11:44:35.443root 11241100x80000000000000003844212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09727d911b18bc4e2021-12-22 11:44:35.443root 11241100x80000000000000003844213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03e23a821c25d502021-12-22 11:44:35.443root 11241100x80000000000000003844214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a15d051a7ff102021-12-22 11:44:35.444root 11241100x80000000000000003844215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b424ee39fce130b72021-12-22 11:44:35.444root 11241100x80000000000000003844216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5365e6fab7ecb62021-12-22 11:44:35.444root 11241100x80000000000000003844217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70380f88bd161c4b2021-12-22 11:44:35.444root 11241100x80000000000000003844218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60abc8ff19f414d2021-12-22 11:44:35.444root 11241100x80000000000000003844219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95faebcb778475d22021-12-22 11:44:35.444root 11241100x80000000000000003844220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8671217b18c083972021-12-22 11:44:35.444root 11241100x80000000000000003844221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c29d45932eeef52021-12-22 11:44:35.943root 11241100x80000000000000003844222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500e4eed2b4d2bff2021-12-22 11:44:35.943root 11241100x80000000000000003844223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5f22e9a866eef22021-12-22 11:44:35.943root 11241100x80000000000000003844224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c2064a965ba71f2021-12-22 11:44:35.943root 11241100x80000000000000003844225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1fa01981194ec02021-12-22 11:44:35.943root 11241100x80000000000000003844226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562a9bad727ea4702021-12-22 11:44:35.943root 11241100x80000000000000003844227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78062520a589a95b2021-12-22 11:44:35.944root 11241100x80000000000000003844228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd630e18ce01edb92021-12-22 11:44:35.944root 11241100x80000000000000003844229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae163576570ee812021-12-22 11:44:35.944root 11241100x80000000000000003844230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7800d649fae0d2ab2021-12-22 11:44:35.944root 11241100x80000000000000003844231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8690aed50d9f852021-12-22 11:44:35.944root 11241100x80000000000000003844232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb4e13ea03887c02021-12-22 11:44:35.944root 11241100x80000000000000003844233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04895ac4478490072021-12-22 11:44:35.944root 23542300x80000000000000003844234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.147{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003844235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3624e17cf30d473e2021-12-22 11:44:36.443root 11241100x80000000000000003844236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed14cfa601c0e81a2021-12-22 11:44:36.443root 11241100x80000000000000003844237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5f0fea753416ea2021-12-22 11:44:36.443root 11241100x80000000000000003844238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b48d1a4744a00182021-12-22 11:44:36.443root 11241100x80000000000000003844239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ede14ce2cc1f3ea2021-12-22 11:44:36.443root 11241100x80000000000000003844240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f12b012e4c4b5fa2021-12-22 11:44:36.443root 11241100x80000000000000003844241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16640e81d693dcc82021-12-22 11:44:36.443root 11241100x80000000000000003844242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a495c2683b95a722021-12-22 11:44:36.444root 11241100x80000000000000003844243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ea910ac0e308c12021-12-22 11:44:36.444root 11241100x80000000000000003844244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f66879ee8a19c002021-12-22 11:44:36.444root 11241100x80000000000000003844245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc3860949f7f5c72021-12-22 11:44:36.444root 11241100x80000000000000003844246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb5aa22de8537672021-12-22 11:44:36.444root 11241100x80000000000000003844247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e433587864ceb2021-12-22 11:44:36.444root 11241100x80000000000000003844248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5aa39aea6343d2021-12-22 11:44:36.444root 11241100x80000000000000003844249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d7e9e85c1c122b2021-12-22 11:44:36.943root 11241100x80000000000000003844250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1366b41eeb4598182021-12-22 11:44:36.944root 11241100x80000000000000003844251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b667d3b125f403d62021-12-22 11:44:36.944root 11241100x80000000000000003844252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84420fade70085f72021-12-22 11:44:36.944root 11241100x80000000000000003844253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9a61ac4831ac8f2021-12-22 11:44:36.945root 11241100x80000000000000003844254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278fff62cb4903232021-12-22 11:44:36.945root 11241100x80000000000000003844255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e85275ae8460602021-12-22 11:44:36.945root 11241100x80000000000000003844256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd479b6c1c4495b2021-12-22 11:44:36.945root 11241100x80000000000000003844257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8504e4fae4a4c72021-12-22 11:44:36.945root 11241100x80000000000000003844258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa85f20608cce3b2021-12-22 11:44:36.945root 11241100x80000000000000003844259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf5cb87b5cda5982021-12-22 11:44:36.945root 11241100x80000000000000003844260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09115fd10fca63cc2021-12-22 11:44:36.945root 11241100x80000000000000003844261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c4e13668f072082021-12-22 11:44:36.945root 11241100x80000000000000003844262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ee3ea2b3f4127a2021-12-22 11:44:36.945root 11241100x80000000000000003844263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20471b33eabf012a2021-12-22 11:44:37.443root 11241100x80000000000000003844264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acd34beb08eb5e92021-12-22 11:44:37.443root 11241100x80000000000000003844265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38082ed13ac504912021-12-22 11:44:37.443root 11241100x80000000000000003844266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5456d63323bb78c2021-12-22 11:44:37.443root 11241100x80000000000000003844267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65eb9ac8560d66bf2021-12-22 11:44:37.443root 11241100x80000000000000003844268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3d48ce04a41fc62021-12-22 11:44:37.443root 11241100x80000000000000003844269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4ec390ac59939c2021-12-22 11:44:37.443root 11241100x80000000000000003844270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031967d31a0afcb72021-12-22 11:44:37.444root 11241100x80000000000000003844271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4265a71aac3ce8812021-12-22 11:44:37.444root 11241100x80000000000000003844272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14e7758c12112782021-12-22 11:44:37.444root 11241100x80000000000000003844273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a149ac038d127e2021-12-22 11:44:37.444root 11241100x80000000000000003844274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9216672287d75712021-12-22 11:44:37.444root 11241100x80000000000000003844275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4befb903b8ca60672021-12-22 11:44:37.444root 11241100x80000000000000003844276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6edec9f238f74e2021-12-22 11:44:37.444root 11241100x80000000000000003844277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608c407c6a123e052021-12-22 11:44:37.943root 11241100x80000000000000003844278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67719403bac679032021-12-22 11:44:37.943root 11241100x80000000000000003844279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6b58b0f0240fab2021-12-22 11:44:37.943root 11241100x80000000000000003844280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fbedf770f374b22021-12-22 11:44:37.943root 11241100x80000000000000003844281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c487f5a0227f83df2021-12-22 11:44:37.943root 11241100x80000000000000003844282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546cc0eed492e3012021-12-22 11:44:37.943root 11241100x80000000000000003844283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3798234a5273cae92021-12-22 11:44:37.944root 11241100x80000000000000003844284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59721bb2933060ff2021-12-22 11:44:37.944root 11241100x80000000000000003844285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d4ecb00d9da6df2021-12-22 11:44:37.944root 11241100x80000000000000003844286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e684c66eeb5b97d2021-12-22 11:44:37.944root 11241100x80000000000000003844287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4580fafa60c9a232021-12-22 11:44:37.944root 11241100x80000000000000003844288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380e3fa7df3fccf92021-12-22 11:44:37.944root 11241100x80000000000000003844289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbddd12df500bac72021-12-22 11:44:37.944root 11241100x80000000000000003844290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aa9aa6635c5b7e2021-12-22 11:44:37.944root 11241100x80000000000000003844291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1e9e2a2af1c3352021-12-22 11:44:38.443root 11241100x80000000000000003844292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedd3ad14e9860542021-12-22 11:44:38.443root 11241100x80000000000000003844293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115ca8e5e78965bb2021-12-22 11:44:38.443root 11241100x80000000000000003844294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8598731c5c0149fb2021-12-22 11:44:38.443root 11241100x80000000000000003844295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371bfc0e00716c742021-12-22 11:44:38.444root 11241100x80000000000000003844296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b90615f825091a2021-12-22 11:44:38.444root 11241100x80000000000000003844297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeee11de9e168b52021-12-22 11:44:38.444root 11241100x80000000000000003844298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43de92461c474dc62021-12-22 11:44:38.444root 11241100x80000000000000003844299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7632288c1647ac0d2021-12-22 11:44:38.444root 11241100x80000000000000003844300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb674df9d991a982021-12-22 11:44:38.444root 11241100x80000000000000003844301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c2dd9a35d9fee2021-12-22 11:44:38.444root 11241100x80000000000000003844302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2480c0dcc95fa6072021-12-22 11:44:38.444root 11241100x80000000000000003844303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2892abb4234f3982021-12-22 11:44:38.444root 11241100x80000000000000003844304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f392e03311676f2021-12-22 11:44:38.444root 11241100x80000000000000003844305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a5c9efe0f5fc752021-12-22 11:44:38.943root 11241100x80000000000000003844306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651a5f26846be96e2021-12-22 11:44:38.943root 11241100x80000000000000003844307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b50daffcedac152021-12-22 11:44:38.943root 11241100x80000000000000003844308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b91949312f312bc2021-12-22 11:44:38.943root 11241100x80000000000000003844309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ed21cf1efad4c02021-12-22 11:44:38.943root 11241100x80000000000000003844310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86285d5ca148d96a2021-12-22 11:44:38.943root 11241100x80000000000000003844311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0518bba004eef2e82021-12-22 11:44:38.944root 11241100x80000000000000003844312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ba348fff6e0f02021-12-22 11:44:38.944root 11241100x80000000000000003844313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83a6f5f5e88b3c72021-12-22 11:44:38.944root 11241100x80000000000000003844314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d079ee1a8fc3e5f2021-12-22 11:44:38.944root 11241100x80000000000000003844315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d56addc0abf1062021-12-22 11:44:38.944root 11241100x80000000000000003844316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3a64b7f0d0dc302021-12-22 11:44:38.944root 11241100x80000000000000003844317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1eab9d592b3b6aa2021-12-22 11:44:38.944root 11241100x80000000000000003844318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b28673ad9cb366b2021-12-22 11:44:38.944root 354300x80000000000000003844319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.249{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55392-false10.0.1.12-8000- 11241100x80000000000000003844320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812b19779d75001f2021-12-22 11:44:39.250root 11241100x80000000000000003844321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9402acaa9aebe2712021-12-22 11:44:39.250root 11241100x80000000000000003844322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046f690e258b6e992021-12-22 11:44:39.250root 11241100x80000000000000003844323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9888cc3b90531482021-12-22 11:44:39.250root 11241100x80000000000000003844324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e449f46588189082021-12-22 11:44:39.251root 11241100x80000000000000003844325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ad752992ae3ba72021-12-22 11:44:39.251root 11241100x80000000000000003844326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9673f5aeeb1246f2021-12-22 11:44:39.251root 11241100x80000000000000003844327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74f06c69800ad262021-12-22 11:44:39.251root 11241100x80000000000000003844328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efaaded725b5fdff2021-12-22 11:44:39.251root 11241100x80000000000000003844329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406569a0cc12d9eb2021-12-22 11:44:39.251root 11241100x80000000000000003844330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c1a6db9a13ef312021-12-22 11:44:39.252root 11241100x80000000000000003844331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e40b46692c2f0b2021-12-22 11:44:39.252root 11241100x80000000000000003844332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c486420b19668ab2021-12-22 11:44:39.252root 11241100x80000000000000003844333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20741988ab29ca42021-12-22 11:44:39.252root 11241100x80000000000000003844334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd78afdf1d955b822021-12-22 11:44:39.252root 11241100x80000000000000003844335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f2807f0bed7f52021-12-22 11:44:39.252root 11241100x80000000000000003844336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.252{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7135c87393eff4892021-12-22 11:44:39.252root 11241100x80000000000000003844337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43ad2416b7e1cb52021-12-22 11:44:39.693root 11241100x80000000000000003844338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084d2140555e10d12021-12-22 11:44:39.693root 11241100x80000000000000003844339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089d6083008ba9892021-12-22 11:44:39.693root 11241100x80000000000000003844340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a41c2c97b551da2021-12-22 11:44:39.693root 11241100x80000000000000003844341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9017017835a3868c2021-12-22 11:44:39.693root 11241100x80000000000000003844342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7155ec176a64052021-12-22 11:44:39.693root 11241100x80000000000000003844343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666563ea1609f5eb2021-12-22 11:44:39.694root 11241100x80000000000000003844344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c885ca3c1858d7fb2021-12-22 11:44:39.694root 11241100x80000000000000003844345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37514353e9951dd32021-12-22 11:44:39.694root 11241100x80000000000000003844346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8f6067e839655e2021-12-22 11:44:39.694root 11241100x80000000000000003844347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fd2b2a4d6e9b3a2021-12-22 11:44:39.694root 11241100x80000000000000003844348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b82ca508eecbd332021-12-22 11:44:39.694root 11241100x80000000000000003844349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c02ec1cd5cb5682021-12-22 11:44:39.694root 11241100x80000000000000003844350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54f6c6573db97342021-12-22 11:44:39.694root 11241100x80000000000000003844351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99db28a830d03f42021-12-22 11:44:39.694root 11241100x80000000000000003844352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7723785b7c1f13582021-12-22 11:44:40.193root 11241100x80000000000000003844353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b807f06b0abcc8a2021-12-22 11:44:40.193root 11241100x80000000000000003844354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fa4fc2d002eafc2021-12-22 11:44:40.193root 11241100x80000000000000003844355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c32891eef7b6822021-12-22 11:44:40.193root 11241100x80000000000000003844356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6949e9e07748f98a2021-12-22 11:44:40.193root 11241100x80000000000000003844357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30528d336047e92021-12-22 11:44:40.193root 11241100x80000000000000003844358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc96b95151e295d2021-12-22 11:44:40.194root 11241100x80000000000000003844359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaa2a8b1028f33f2021-12-22 11:44:40.194root 11241100x80000000000000003844360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713b0edc5b0cdb872021-12-22 11:44:40.194root 11241100x80000000000000003844361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ed588c1916cb912021-12-22 11:44:40.194root 11241100x80000000000000003844362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2b4ea0cbcabe712021-12-22 11:44:40.194root 11241100x80000000000000003844363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae84197ee61100ed2021-12-22 11:44:40.194root 11241100x80000000000000003844364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f620278ead1325d2021-12-22 11:44:40.194root 11241100x80000000000000003844365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc941b9c724340932021-12-22 11:44:40.194root 11241100x80000000000000003844366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb83fd16613cf1f72021-12-22 11:44:40.194root 11241100x80000000000000003844367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e150181f233529202021-12-22 11:44:40.693root 11241100x80000000000000003844368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44b8ef2c37508d22021-12-22 11:44:40.693root 11241100x80000000000000003844369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f80894236f56582021-12-22 11:44:40.693root 11241100x80000000000000003844370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c1f0476b971ad52021-12-22 11:44:40.693root 11241100x80000000000000003844371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad60609fda86dfe2021-12-22 11:44:40.693root 11241100x80000000000000003844372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f367bfdb092acd12021-12-22 11:44:40.693root 11241100x80000000000000003844373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0102e48916d9b8702021-12-22 11:44:40.693root 11241100x80000000000000003844374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bcad18498858b32021-12-22 11:44:40.694root 11241100x80000000000000003844375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd840a51c76826b2021-12-22 11:44:40.694root 11241100x80000000000000003844376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2416b436210ee5552021-12-22 11:44:40.694root 11241100x80000000000000003844377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d846da93b7cd3b2021-12-22 11:44:40.694root 11241100x80000000000000003844378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce55d6af3d00d562021-12-22 11:44:40.694root 11241100x80000000000000003844379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6f49781b75c3c32021-12-22 11:44:40.694root 11241100x80000000000000003844380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d616823a1e811f302021-12-22 11:44:40.694root 11241100x80000000000000003844381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c67ad995ab204812021-12-22 11:44:40.694root 11241100x80000000000000003844382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9016b49a0351c3582021-12-22 11:44:41.193root 11241100x80000000000000003844383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5761bb7a99cd594e2021-12-22 11:44:41.193root 11241100x80000000000000003844384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef6d55d51ef9b3f2021-12-22 11:44:41.193root 11241100x80000000000000003844385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3f4d2943d8deae2021-12-22 11:44:41.193root 11241100x80000000000000003844386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e31b7e7b290bc542021-12-22 11:44:41.193root 11241100x80000000000000003844387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0418df94b4266a2021-12-22 11:44:41.193root 11241100x80000000000000003844388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae75e2af6e8bc3e02021-12-22 11:44:41.194root 11241100x80000000000000003844389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecd41348c45d95d2021-12-22 11:44:41.194root 11241100x80000000000000003844390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48860f4533c522402021-12-22 11:44:41.194root 11241100x80000000000000003844391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5e64d5ecce78892021-12-22 11:44:41.194root 11241100x80000000000000003844392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1620006e29fea47e2021-12-22 11:44:41.194root 11241100x80000000000000003844393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ed08da115c3e462021-12-22 11:44:41.194root 11241100x80000000000000003844394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32871d38eb97925c2021-12-22 11:44:41.194root 11241100x80000000000000003844395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6703eddd2533dd62021-12-22 11:44:41.194root 11241100x80000000000000003844396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c2185c9827f8092021-12-22 11:44:41.194root 11241100x80000000000000003844397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7849890a3ccf232021-12-22 11:44:41.693root 11241100x80000000000000003844398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0098d25826d7405b2021-12-22 11:44:41.693root 11241100x80000000000000003844399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54154db56f5ae04c2021-12-22 11:44:41.693root 11241100x80000000000000003844400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83036821084533d2021-12-22 11:44:41.693root 11241100x80000000000000003844401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd19517c728f79b2021-12-22 11:44:41.693root 11241100x80000000000000003844402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57367a3975109ff2021-12-22 11:44:41.693root 11241100x80000000000000003844403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4260385b82760f462021-12-22 11:44:41.693root 11241100x80000000000000003844404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfabc4fe70e3a372021-12-22 11:44:41.694root 11241100x80000000000000003844405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2de1e27a6a3d0a2021-12-22 11:44:41.694root 11241100x80000000000000003844406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b3dcc1519038682021-12-22 11:44:41.694root 11241100x80000000000000003844407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d675a205cf18172021-12-22 11:44:41.694root 11241100x80000000000000003844408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea470475512cb12021-12-22 11:44:41.694root 11241100x80000000000000003844409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a0cba1214d09712021-12-22 11:44:41.694root 11241100x80000000000000003844410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e318ab94dbce22021-12-22 11:44:41.694root 11241100x80000000000000003844411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396fe7da808807c02021-12-22 11:44:41.694root 11241100x80000000000000003844412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d418ea9d5e4c682021-12-22 11:44:42.193root 11241100x80000000000000003844413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8446a5cc595b0b5f2021-12-22 11:44:42.193root 11241100x80000000000000003844414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c3542308e80e1f2021-12-22 11:44:42.193root 11241100x80000000000000003844415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26701450dfc92202021-12-22 11:44:42.193root 11241100x80000000000000003844416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67052515b20b35a2021-12-22 11:44:42.193root 11241100x80000000000000003844417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42970fc161c9974b2021-12-22 11:44:42.193root 11241100x80000000000000003844418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701dc609075c6c862021-12-22 11:44:42.194root 11241100x80000000000000003844419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a1e7477246f30a2021-12-22 11:44:42.194root 11241100x80000000000000003844420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16a64b5360b6b6a2021-12-22 11:44:42.194root 11241100x80000000000000003844421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9729dc7585141a2c2021-12-22 11:44:42.194root 11241100x80000000000000003844422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397de97817cee812021-12-22 11:44:42.194root 11241100x80000000000000003844423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50200177963f18842021-12-22 11:44:42.194root 11241100x80000000000000003844424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a769e69ff4a89a712021-12-22 11:44:42.194root 11241100x80000000000000003844425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b9873f75e1e8832021-12-22 11:44:42.194root 11241100x80000000000000003844426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40cdb81ac98e5122021-12-22 11:44:42.194root 11241100x80000000000000003844427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a910f42cb092a32021-12-22 11:44:42.693root 11241100x80000000000000003844428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afc1b56759f98e72021-12-22 11:44:42.693root 11241100x80000000000000003844429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b8928fe37e9c162021-12-22 11:44:42.693root 11241100x80000000000000003844430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f336b6cd70ba97e42021-12-22 11:44:42.693root 11241100x80000000000000003844431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3350d149b77080152021-12-22 11:44:42.693root 11241100x80000000000000003844432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201bf5a4a34a63d42021-12-22 11:44:42.693root 11241100x80000000000000003844433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52012a94ca2e7f9a2021-12-22 11:44:42.693root 11241100x80000000000000003844434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae9b59dc9ddecf12021-12-22 11:44:42.694root 11241100x80000000000000003844435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ce23e587b91a082021-12-22 11:44:42.694root 11241100x80000000000000003844436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a342bebf29fc3c2021-12-22 11:44:42.694root 11241100x80000000000000003844437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9bcd6c70b13e332021-12-22 11:44:42.694root 11241100x80000000000000003844438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbedcb47a03cd922021-12-22 11:44:42.694root 11241100x80000000000000003844439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947328fb02d6829a2021-12-22 11:44:42.694root 11241100x80000000000000003844440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128df4d879e065962021-12-22 11:44:42.694root 11241100x80000000000000003844441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310d1d14ecac77682021-12-22 11:44:42.694root 11241100x80000000000000003844442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05435c6fcd8640de2021-12-22 11:44:43.193root 11241100x80000000000000003844443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dab75740eb39d22021-12-22 11:44:43.193root 11241100x80000000000000003844444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bfa03e141a351f2021-12-22 11:44:43.193root 11241100x80000000000000003844445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448b75fcf2d76062021-12-22 11:44:43.193root 11241100x80000000000000003844446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4efa0474c2e31c2f2021-12-22 11:44:43.193root 11241100x80000000000000003844447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39794d857906de52021-12-22 11:44:43.193root 11241100x80000000000000003844448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87798dda7842633a2021-12-22 11:44:43.194root 11241100x80000000000000003844449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cea435442c5c3de2021-12-22 11:44:43.194root 11241100x80000000000000003844450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca6868094d65d5e2021-12-22 11:44:43.194root 11241100x80000000000000003844451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c549ca162007cb642021-12-22 11:44:43.194root 11241100x80000000000000003844452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0000fadf854202d82021-12-22 11:44:43.194root 11241100x80000000000000003844453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3235402ed6d8cdc22021-12-22 11:44:43.194root 11241100x80000000000000003844454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb11d3a89e8ac502021-12-22 11:44:43.194root 11241100x80000000000000003844455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c04b4f09a577b472021-12-22 11:44:43.194root 11241100x80000000000000003844456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48403501f0906c5e2021-12-22 11:44:43.194root 11241100x80000000000000003844457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c54e64032356272021-12-22 11:44:43.693root 11241100x80000000000000003844458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59adc77cd64456c2021-12-22 11:44:43.693root 11241100x80000000000000003844459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f969f9e9e002f24b2021-12-22 11:44:43.693root 11241100x80000000000000003844460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f0ff84baad8a022021-12-22 11:44:43.693root 11241100x80000000000000003844461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1bcde592e476d2021-12-22 11:44:43.694root 11241100x80000000000000003844462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bb7a7ba82857582021-12-22 11:44:43.694root 11241100x80000000000000003844463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01093c0274d7c8372021-12-22 11:44:43.694root 11241100x80000000000000003844464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a54086827295642021-12-22 11:44:43.694root 11241100x80000000000000003844465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d140422ec81cf812021-12-22 11:44:43.694root 11241100x80000000000000003844466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9177cb1eeb9a5d62021-12-22 11:44:43.695root 11241100x80000000000000003844467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae55362818bb88a82021-12-22 11:44:43.695root 11241100x80000000000000003844468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565f1a07888c5a362021-12-22 11:44:43.695root 11241100x80000000000000003844469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b55a68c71401f2f2021-12-22 11:44:43.695root 11241100x80000000000000003844470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9d1cc1f949d91d2021-12-22 11:44:43.695root 11241100x80000000000000003844471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e5be30935b434a2021-12-22 11:44:43.695root 11241100x80000000000000003844472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8450f047eed7c9ac2021-12-22 11:44:44.193root 11241100x80000000000000003844473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60edb4b720e5ac922021-12-22 11:44:44.193root 11241100x80000000000000003844474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13e71ce12e751b12021-12-22 11:44:44.193root 11241100x80000000000000003844475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235385244288c8302021-12-22 11:44:44.193root 11241100x80000000000000003844476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b1a2b827bcaf992021-12-22 11:44:44.193root 11241100x80000000000000003844477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4277e86f6be0eca02021-12-22 11:44:44.193root 11241100x80000000000000003844478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd2a238a0cca2952021-12-22 11:44:44.193root 11241100x80000000000000003844479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e97788015f22b4e2021-12-22 11:44:44.193root 11241100x80000000000000003844480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2270780bb2484d52021-12-22 11:44:44.194root 11241100x80000000000000003844481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f24fbef885e5c32021-12-22 11:44:44.194root 11241100x80000000000000003844482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeccea4f4f3ca5842021-12-22 11:44:44.194root 11241100x80000000000000003844483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6913857eb57a19632021-12-22 11:44:44.194root 11241100x80000000000000003844484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a586acc60d061a2021-12-22 11:44:44.194root 11241100x80000000000000003844485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783f8f94a9fbe1e2021-12-22 11:44:44.194root 11241100x80000000000000003844486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa39b3d59a7896632021-12-22 11:44:44.194root 11241100x80000000000000003844487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da777962f9cb2952021-12-22 11:44:44.693root 11241100x80000000000000003844488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8571b865c3a6d9f42021-12-22 11:44:44.693root 11241100x80000000000000003844489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71085761b4ab60e2021-12-22 11:44:44.693root 11241100x80000000000000003844490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbccab9b22c429a92021-12-22 11:44:44.693root 11241100x80000000000000003844491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7437093ec12087762021-12-22 11:44:44.693root 11241100x80000000000000003844492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2dd4dc4ad0ec742021-12-22 11:44:44.693root 11241100x80000000000000003844493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200bafc151ea6d062021-12-22 11:44:44.693root 11241100x80000000000000003844494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06585be677a428222021-12-22 11:44:44.694root 11241100x80000000000000003844495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd29a169406d26c2021-12-22 11:44:44.694root 11241100x80000000000000003844496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080414c403db43022021-12-22 11:44:44.694root 11241100x80000000000000003844497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bba44bfb30176942021-12-22 11:44:44.694root 11241100x80000000000000003844498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b20f0ffd9ee3b1a2021-12-22 11:44:44.694root 11241100x80000000000000003844499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91f3ff4874cd362021-12-22 11:44:44.694root 11241100x80000000000000003844500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68de27411b01588a2021-12-22 11:44:44.694root 11241100x80000000000000003844501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4286c2211f8774df2021-12-22 11:44:44.694root 354300x80000000000000003844502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.138{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55394-false10.0.1.12-8000- 11241100x80000000000000003844503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb1505dfbaf3b1d2021-12-22 11:44:45.139root 11241100x80000000000000003844504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90b27c91fcc7efd2021-12-22 11:44:45.139root 11241100x80000000000000003844505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03941ed37f6a041d2021-12-22 11:44:45.139root 11241100x80000000000000003844506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6cd5c3ca458f562021-12-22 11:44:45.140root 11241100x80000000000000003844507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87233ed1b1b169b62021-12-22 11:44:45.140root 11241100x80000000000000003844508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003b79f869dcd27f2021-12-22 11:44:45.140root 11241100x80000000000000003844509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14089feffeecc72b2021-12-22 11:44:45.140root 11241100x80000000000000003844510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d63d2b73ffffe332021-12-22 11:44:45.140root 11241100x80000000000000003844511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37baf532729f70152021-12-22 11:44:45.140root 11241100x80000000000000003844512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872c40defcfe3dc82021-12-22 11:44:45.140root 11241100x80000000000000003844513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9b4b0f349b81e2021-12-22 11:44:45.140root 11241100x80000000000000003844514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430e0e5d70eea25c2021-12-22 11:44:45.140root 11241100x80000000000000003844515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69107b4552628a2021-12-22 11:44:45.140root 11241100x80000000000000003844516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13f23795e7e04522021-12-22 11:44:45.141root 11241100x80000000000000003844517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e736a233d376a42021-12-22 11:44:45.141root 11241100x80000000000000003844518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f9556aff5870b12021-12-22 11:44:45.141root 11241100x80000000000000003844519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32cc5e7671c4d7e2021-12-22 11:44:45.141root 11241100x80000000000000003844520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738234981715d5062021-12-22 11:44:45.141root 11241100x80000000000000003844521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f429706d8082eb72021-12-22 11:44:45.141root 11241100x80000000000000003844522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fb318cdb040d252021-12-22 11:44:45.141root 11241100x80000000000000003844523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a1b92fbbed17cf2021-12-22 11:44:45.141root 11241100x80000000000000003844524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5b67ac0b9a2bf32021-12-22 11:44:45.141root 11241100x80000000000000003844525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8dd8ee7d5063c32021-12-22 11:44:45.443root 11241100x80000000000000003844526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6c2491f8efadb12021-12-22 11:44:45.443root 11241100x80000000000000003844527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69095f0d9dc6f6b52021-12-22 11:44:45.443root 11241100x80000000000000003844528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ea2f58acaba7cb2021-12-22 11:44:45.443root 11241100x80000000000000003844529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32e5719a857c7f12021-12-22 11:44:45.443root 11241100x80000000000000003844530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e45b7ce057b65b2021-12-22 11:44:45.444root 11241100x80000000000000003844531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ced1bd8ef31dcf2021-12-22 11:44:45.444root 11241100x80000000000000003844532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f6ee942c81c4532021-12-22 11:44:45.444root 11241100x80000000000000003844533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e0dc506cbcb6dd2021-12-22 11:44:45.444root 11241100x80000000000000003844534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6739a64d4e584be32021-12-22 11:44:45.444root 11241100x80000000000000003844535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4985ecd67780c0072021-12-22 11:44:45.444root 11241100x80000000000000003844536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1b8362c2287b722021-12-22 11:44:45.444root 11241100x80000000000000003844537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7f9872129760402021-12-22 11:44:45.444root 11241100x80000000000000003844538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ca4bfa5643e69d2021-12-22 11:44:45.444root 11241100x80000000000000003844539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aeb5501cbf33322021-12-22 11:44:45.444root 11241100x80000000000000003844540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98520ad8e7f280c52021-12-22 11:44:45.444root 11241100x80000000000000003844541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9509b80767e4ddba2021-12-22 11:44:45.943root 11241100x80000000000000003844542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c51b62ba514da52021-12-22 11:44:45.943root 11241100x80000000000000003844543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7b971e9df98b5d2021-12-22 11:44:45.943root 11241100x80000000000000003844544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09788cce7c3770d92021-12-22 11:44:45.943root 11241100x80000000000000003844545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122358cb6977a1c92021-12-22 11:44:45.943root 11241100x80000000000000003844546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2888126503f57b462021-12-22 11:44:45.943root 11241100x80000000000000003844547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7695033fc5901672021-12-22 11:44:45.944root 11241100x80000000000000003844548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96682758226354032021-12-22 11:44:45.944root 11241100x80000000000000003844549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99458c866370bd92021-12-22 11:44:45.944root 11241100x80000000000000003844550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44fdb4e280e242f2021-12-22 11:44:45.944root 11241100x80000000000000003844551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1675ed29b4fa066a2021-12-22 11:44:45.944root 11241100x80000000000000003844552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566e6c981ec6019d2021-12-22 11:44:45.944root 11241100x80000000000000003844553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e55d6b9299673c12021-12-22 11:44:45.944root 11241100x80000000000000003844554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f400702d6804e332021-12-22 11:44:45.944root 11241100x80000000000000003844555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc15b0f012e4f9f02021-12-22 11:44:45.944root 11241100x80000000000000003844556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33edbfdefb1026d2021-12-22 11:44:45.945root 11241100x80000000000000003844557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee11bc42ebc3bc3c2021-12-22 11:44:46.443root 11241100x80000000000000003844558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2add79dc87b1ef4a2021-12-22 11:44:46.443root 11241100x80000000000000003844559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131e886a285f78732021-12-22 11:44:46.443root 11241100x80000000000000003844560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95704e5716c027ab2021-12-22 11:44:46.443root 11241100x80000000000000003844561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa1aeb7678debb62021-12-22 11:44:46.443root 11241100x80000000000000003844562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7f2e0f326968aa2021-12-22 11:44:46.443root 11241100x80000000000000003844563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f8284125ae0b42021-12-22 11:44:46.444root 11241100x80000000000000003844564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e817afcc4f87c2021-12-22 11:44:46.444root 11241100x80000000000000003844565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bd12c6b5be98652021-12-22 11:44:46.444root 11241100x80000000000000003844566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f7f01badc494182021-12-22 11:44:46.444root 11241100x80000000000000003844567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc4023a98af808a2021-12-22 11:44:46.445root 11241100x80000000000000003844568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51783adfd0c9afb2021-12-22 11:44:46.445root 11241100x80000000000000003844569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3a0521f4d9f50c2021-12-22 11:44:46.445root 11241100x80000000000000003844570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29451dd1fa5c61612021-12-22 11:44:46.445root 11241100x80000000000000003844571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f975332b309c10292021-12-22 11:44:46.446root 11241100x80000000000000003844572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1c4a9f0b0169192021-12-22 11:44:46.446root 11241100x80000000000000003844573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e98f42296af80122021-12-22 11:44:46.943root 11241100x80000000000000003844574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd807392ff788242021-12-22 11:44:46.943root 11241100x80000000000000003844575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e934cf424a37e02021-12-22 11:44:46.943root 11241100x80000000000000003844576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0071c3449992822021-12-22 11:44:46.943root 11241100x80000000000000003844577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed24722eb82e6952021-12-22 11:44:46.944root 11241100x80000000000000003844578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2c62b57c9c9b7a2021-12-22 11:44:46.944root 11241100x80000000000000003844579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740af8504207d8dc2021-12-22 11:44:46.944root 11241100x80000000000000003844580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b78abdda3a276c22021-12-22 11:44:46.944root 11241100x80000000000000003844581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c9f6dd0bf8e8f22021-12-22 11:44:46.944root 11241100x80000000000000003844582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59f5befb2ec6a552021-12-22 11:44:46.945root 11241100x80000000000000003844583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e62dbd735b6b5062021-12-22 11:44:46.945root 11241100x80000000000000003844584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228579a9a3e34d7b2021-12-22 11:44:46.945root 11241100x80000000000000003844585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8028818d855f8abb2021-12-22 11:44:46.945root 11241100x80000000000000003844586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a620cc31532df2021-12-22 11:44:46.945root 11241100x80000000000000003844587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db19a0bb582daf462021-12-22 11:44:46.945root 11241100x80000000000000003844588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1f25cb4270a9a02021-12-22 11:44:46.945root 11241100x80000000000000003844589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfca097af6103c02021-12-22 11:44:47.443root 11241100x80000000000000003844590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be1a54c6542a0912021-12-22 11:44:47.443root 11241100x80000000000000003844591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0793d8cef82afca2021-12-22 11:44:47.443root 11241100x80000000000000003844592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04040eeb55c5702021-12-22 11:44:47.443root 11241100x80000000000000003844593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ba6bc52a0c13f62021-12-22 11:44:47.443root 11241100x80000000000000003844594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5247ebf379d555c82021-12-22 11:44:47.444root 11241100x80000000000000003844595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7caa67b67d3263852021-12-22 11:44:47.444root 11241100x80000000000000003844596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101616a0a2fdc1bf2021-12-22 11:44:47.444root 11241100x80000000000000003844597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7848598d34714ad2021-12-22 11:44:47.444root 11241100x80000000000000003844598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e02e9f505070b012021-12-22 11:44:47.444root 11241100x80000000000000003844599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3593a63dd4e32ceb2021-12-22 11:44:47.444root 11241100x80000000000000003844600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d215d0e2d8d8d22021-12-22 11:44:47.444root 11241100x80000000000000003844601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ab8580f974a5432021-12-22 11:44:47.444root 11241100x80000000000000003844602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598813c4f776bcae2021-12-22 11:44:47.444root 11241100x80000000000000003844603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc15ebe04a7cfee42021-12-22 11:44:47.444root 11241100x80000000000000003844604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50142809da40d6e02021-12-22 11:44:47.444root 11241100x80000000000000003844605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f07f30d74ac8302021-12-22 11:44:47.943root 11241100x80000000000000003844606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a940bf4031436d312021-12-22 11:44:47.943root 11241100x80000000000000003844607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbaccb3337cf91c2021-12-22 11:44:47.943root 11241100x80000000000000003844608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492710c17df8c7d12021-12-22 11:44:47.943root 11241100x80000000000000003844609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08bc65177b1e3472021-12-22 11:44:47.943root 11241100x80000000000000003844610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44966f429a896e72021-12-22 11:44:47.943root 11241100x80000000000000003844611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29abb9f418a84a92021-12-22 11:44:47.944root 11241100x80000000000000003844612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0c830c0d267bc82021-12-22 11:44:47.944root 11241100x80000000000000003844613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e84074f8fcd6682021-12-22 11:44:47.944root 11241100x80000000000000003844614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7026e058772603c2021-12-22 11:44:47.944root 11241100x80000000000000003844615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8570b563acde58b2021-12-22 11:44:47.944root 11241100x80000000000000003844616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9162c9708f94402021-12-22 11:44:47.944root 11241100x80000000000000003844617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72db25fbd7bfcbd2021-12-22 11:44:47.944root 11241100x80000000000000003844618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e238b546bd83c1d2021-12-22 11:44:47.944root 11241100x80000000000000003844619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02800d9914450fc72021-12-22 11:44:47.944root 11241100x80000000000000003844620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835bb597696e90a2021-12-22 11:44:47.944root 11241100x80000000000000003844621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf4b50046d0c982021-12-22 11:44:48.443root 11241100x80000000000000003844622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa92814f7aeef852021-12-22 11:44:48.444root 11241100x80000000000000003844623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4423ae0618864702021-12-22 11:44:48.444root 11241100x80000000000000003844624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa33b8aaca71caa2021-12-22 11:44:48.444root 11241100x80000000000000003844625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa620ea2cd439a042021-12-22 11:44:48.444root 11241100x80000000000000003844626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6232fe92ecafde902021-12-22 11:44:48.444root 11241100x80000000000000003844627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f7ff767d9014492021-12-22 11:44:48.444root 11241100x80000000000000003844628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f308a55d78e409912021-12-22 11:44:48.445root 11241100x80000000000000003844629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d26af74c7a6582021-12-22 11:44:48.445root 11241100x80000000000000003844630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37c24ecb15605e92021-12-22 11:44:48.445root 11241100x80000000000000003844631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47027ee322d2852c2021-12-22 11:44:48.445root 11241100x80000000000000003844632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c3a98bcbf575a2021-12-22 11:44:48.445root 11241100x80000000000000003844633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e395dd0e54fc7112021-12-22 11:44:48.445root 11241100x80000000000000003844634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b5be1ce320b6fe2021-12-22 11:44:48.445root 11241100x80000000000000003844635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53728f5d2c1a31b2021-12-22 11:44:48.445root 11241100x80000000000000003844636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a68d2c7d48c81f02021-12-22 11:44:48.446root 11241100x80000000000000003844637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9594200b7d5ca8292021-12-22 11:44:48.943root 11241100x80000000000000003844638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe60b69145f4e2c32021-12-22 11:44:48.943root 11241100x80000000000000003844639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a1b4de0e81bd8f2021-12-22 11:44:48.943root 11241100x80000000000000003844640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd40a84da6cc3a92021-12-22 11:44:48.943root 11241100x80000000000000003844641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b7da70dfcd27712021-12-22 11:44:48.943root 11241100x80000000000000003844642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f60726559d544e92021-12-22 11:44:48.944root 11241100x80000000000000003844643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0d9696a277ae472021-12-22 11:44:48.944root 11241100x80000000000000003844644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664a6248b25dab202021-12-22 11:44:48.944root 11241100x80000000000000003844645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e9c1bd6262d1532021-12-22 11:44:48.944root 11241100x80000000000000003844646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5733171e2d567ef62021-12-22 11:44:48.944root 11241100x80000000000000003844647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835cb5f922159ab2021-12-22 11:44:48.944root 11241100x80000000000000003844648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17c786d2c36c8902021-12-22 11:44:48.944root 11241100x80000000000000003844649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbe3c9ffa49b6a32021-12-22 11:44:48.944root 11241100x80000000000000003844650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a74a5b8ed5db1e2021-12-22 11:44:48.945root 11241100x80000000000000003844651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98dead0ba4aaae562021-12-22 11:44:48.945root 11241100x80000000000000003844652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a3d441dc232b8f2021-12-22 11:44:48.945root 11241100x80000000000000003844653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c59d8766aeb6c62021-12-22 11:44:49.443root 11241100x80000000000000003844654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304cc5a80ac0d3712021-12-22 11:44:49.443root 11241100x80000000000000003844655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fd072c71fffa5b2021-12-22 11:44:49.443root 11241100x80000000000000003844656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42b83a5fa64a1922021-12-22 11:44:49.443root 11241100x80000000000000003844657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf46f4b680676632021-12-22 11:44:49.444root 11241100x80000000000000003844658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ab93161fda79012021-12-22 11:44:49.444root 11241100x80000000000000003844659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249b7811ab1bf9602021-12-22 11:44:49.444root 11241100x80000000000000003844660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4690da4cc99e0d752021-12-22 11:44:49.444root 11241100x80000000000000003844661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4535f0897f1c0c1b2021-12-22 11:44:49.444root 11241100x80000000000000003844662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d9e8036a19c39f2021-12-22 11:44:49.444root 11241100x80000000000000003844663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e87f0a858cab5632021-12-22 11:44:49.444root 11241100x80000000000000003844664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66e7d7cc18d004a2021-12-22 11:44:49.444root 11241100x80000000000000003844665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2661ac4e8c6103c12021-12-22 11:44:49.444root 11241100x80000000000000003844666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5faa20ae35a48a562021-12-22 11:44:49.444root 11241100x80000000000000003844667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fb06225d3e78422021-12-22 11:44:49.445root 11241100x80000000000000003844668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f89b5c721b1a6b2021-12-22 11:44:49.445root 11241100x80000000000000003844669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efdb36d179f71eb2021-12-22 11:44:49.943root 11241100x80000000000000003844670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29984e3e8973b8392021-12-22 11:44:49.943root 11241100x80000000000000003844671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a51ae7dbe8c20b2021-12-22 11:44:49.943root 11241100x80000000000000003844672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd313fbd374f06c2021-12-22 11:44:49.943root 11241100x80000000000000003844673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4407c2f7b2a926d2021-12-22 11:44:49.943root 11241100x80000000000000003844674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17ad1056b8df4892021-12-22 11:44:49.943root 11241100x80000000000000003844675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397d2d20b2c474d2021-12-22 11:44:49.943root 11241100x80000000000000003844676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd4f9d6130fedc22021-12-22 11:44:49.944root 11241100x80000000000000003844677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e75f58265beba862021-12-22 11:44:49.944root 11241100x80000000000000003844678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b64ee64070c1f2021-12-22 11:44:49.944root 11241100x80000000000000003844679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232887076f14f4c52021-12-22 11:44:49.944root 11241100x80000000000000003844680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b63898cea7d0c7c2021-12-22 11:44:49.944root 11241100x80000000000000003844681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acf8a9f993daa9a2021-12-22 11:44:49.944root 11241100x80000000000000003844682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f3f12988d7cf102021-12-22 11:44:49.944root 11241100x80000000000000003844683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95605d693678b1052021-12-22 11:44:49.944root 11241100x80000000000000003844684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25f9f281f4c181c2021-12-22 11:44:49.944root 11241100x80000000000000003844685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa37353e82c95e8d2021-12-22 11:44:50.443root 11241100x80000000000000003844686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db29621e02a0dd02021-12-22 11:44:50.443root 11241100x80000000000000003844687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c45757b1ee84c82021-12-22 11:44:50.443root 11241100x80000000000000003844688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c615d4a6029dfedf2021-12-22 11:44:50.443root 11241100x80000000000000003844689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364157a9a5c54c42021-12-22 11:44:50.443root 11241100x80000000000000003844690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52376982bd207bc92021-12-22 11:44:50.443root 11241100x80000000000000003844691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7886101bc38da36f2021-12-22 11:44:50.443root 11241100x80000000000000003844692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1847b13d9ed5142021-12-22 11:44:50.444root 11241100x80000000000000003844693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0a8d27c72419c22021-12-22 11:44:50.444root 11241100x80000000000000003844694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0a5bf5ef8076582021-12-22 11:44:50.444root 11241100x80000000000000003844695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bbbbeea487a0c22021-12-22 11:44:50.444root 11241100x80000000000000003844696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb97b4cd6b33b162021-12-22 11:44:50.444root 11241100x80000000000000003844697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a601e82c1436ee2021-12-22 11:44:50.444root 11241100x80000000000000003844698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e67a17797a9ec2021-12-22 11:44:50.444root 11241100x80000000000000003844699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd0fbdb3b6657b42021-12-22 11:44:50.444root 11241100x80000000000000003844700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99253b804827dc862021-12-22 11:44:50.444root 11241100x80000000000000003844701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f078f3ffdff7e2021-12-22 11:44:50.944root 11241100x80000000000000003844702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70df1052ac159bf22021-12-22 11:44:50.945root 11241100x80000000000000003844703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f07b52e9c2656272021-12-22 11:44:50.945root 11241100x80000000000000003844704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9115aaa8f3722ae02021-12-22 11:44:50.945root 11241100x80000000000000003844705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02061a3648391582021-12-22 11:44:50.945root 11241100x80000000000000003844706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34e206b61fb9c772021-12-22 11:44:50.945root 11241100x80000000000000003844707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef40fbce40da59b2021-12-22 11:44:50.945root 11241100x80000000000000003844708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e17ab93e564e8ef2021-12-22 11:44:50.945root 11241100x80000000000000003844709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6133e19dad86fbf42021-12-22 11:44:50.945root 11241100x80000000000000003844710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ebe7bc67a2f7c92021-12-22 11:44:50.945root 11241100x80000000000000003844711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918167d46a55e3d12021-12-22 11:44:50.945root 11241100x80000000000000003844712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1d34254dca3e22021-12-22 11:44:50.945root 11241100x80000000000000003844713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cb4f540f7438c32021-12-22 11:44:50.945root 11241100x80000000000000003844714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e94882caed5f622021-12-22 11:44:50.945root 11241100x80000000000000003844715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6291d0391154366c2021-12-22 11:44:50.946root 11241100x80000000000000003844716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7575a8f2b580bd872021-12-22 11:44:50.946root 354300x80000000000000003844717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.114{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55396-false10.0.1.12-8000- 11241100x80000000000000003844718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921bf433e2a9ac442021-12-22 11:44:51.443root 11241100x80000000000000003844719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ac36302cb139222021-12-22 11:44:51.443root 11241100x80000000000000003844720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b3167b30a6dc932021-12-22 11:44:51.443root 11241100x80000000000000003844721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9a7c4a4891230a2021-12-22 11:44:51.443root 11241100x80000000000000003844722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f14c188ca91ac2021-12-22 11:44:51.443root 11241100x80000000000000003844723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781968594d8453dd2021-12-22 11:44:51.443root 11241100x80000000000000003844724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d880b63cb9866fa02021-12-22 11:44:51.444root 11241100x80000000000000003844725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082dafe52353e2452021-12-22 11:44:51.444root 11241100x80000000000000003844726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9dea97c97d2e952021-12-22 11:44:51.444root 11241100x80000000000000003844727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917942a26a064b7b2021-12-22 11:44:51.444root 11241100x80000000000000003844728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d00998423cf4a12021-12-22 11:44:51.444root 11241100x80000000000000003844729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935889b090ff8cba2021-12-22 11:44:51.444root 11241100x80000000000000003844730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdfcf146fc2b26c2021-12-22 11:44:51.444root 11241100x80000000000000003844731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1147fb87d29f67802021-12-22 11:44:51.444root 11241100x80000000000000003844732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d4d84e91baf9062021-12-22 11:44:51.444root 11241100x80000000000000003844733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775ca34731038a5e2021-12-22 11:44:51.445root 11241100x80000000000000003844734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef497965878406c92021-12-22 11:44:51.445root 11241100x80000000000000003844735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf902656a6566ba42021-12-22 11:44:51.943root 11241100x80000000000000003844736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac51796883e0b402021-12-22 11:44:51.943root 11241100x80000000000000003844737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405ca2c4a6c2becb2021-12-22 11:44:51.943root 11241100x80000000000000003844738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1148f0140aca017c2021-12-22 11:44:51.943root 11241100x80000000000000003844739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b37a62ed8e2429a2021-12-22 11:44:51.944root 11241100x80000000000000003844740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376f2680957b505c2021-12-22 11:44:51.944root 11241100x80000000000000003844741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d3fe9245d8e0072021-12-22 11:44:51.944root 11241100x80000000000000003844742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c43120194baba42021-12-22 11:44:51.944root 11241100x80000000000000003844743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ef84ddb659c81f2021-12-22 11:44:51.944root 11241100x80000000000000003844744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9693f45c81b7f552021-12-22 11:44:51.944root 11241100x80000000000000003844745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4a7203962628972021-12-22 11:44:51.944root 11241100x80000000000000003844746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb9a157658e83052021-12-22 11:44:51.944root 11241100x80000000000000003844747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c302b8acd748f222021-12-22 11:44:51.944root 11241100x80000000000000003844748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716cd2b8d5bd68aa2021-12-22 11:44:51.944root 11241100x80000000000000003844749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c32f924df44d472021-12-22 11:44:51.944root 11241100x80000000000000003844750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ef20207896efe2021-12-22 11:44:51.945root 11241100x80000000000000003844751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b33c3b5944769e2021-12-22 11:44:51.945root 11241100x80000000000000003844752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8b1d1148b16cf52021-12-22 11:44:52.443root 11241100x80000000000000003844753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa911305565a76a92021-12-22 11:44:52.443root 11241100x80000000000000003844754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d53a15a4efe44f2021-12-22 11:44:52.443root 11241100x80000000000000003844755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ec43b42e3a0dc12021-12-22 11:44:52.444root 11241100x80000000000000003844756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db909ce72dd92692021-12-22 11:44:52.444root 11241100x80000000000000003844757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df18c36dc18b63bd2021-12-22 11:44:52.444root 11241100x80000000000000003844758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc6812fba8eb03772021-12-22 11:44:52.444root 11241100x80000000000000003844759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dd1469f1d5ac262021-12-22 11:44:52.444root 11241100x80000000000000003844760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77147869c3683a872021-12-22 11:44:52.444root 11241100x80000000000000003844761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bd8f37e0ea19362021-12-22 11:44:52.444root 11241100x80000000000000003844762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b6fbc050df57b02021-12-22 11:44:52.444root 11241100x80000000000000003844763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c945a44ac22ef80c2021-12-22 11:44:52.444root 11241100x80000000000000003844764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b93b92613e96a92021-12-22 11:44:52.444root 11241100x80000000000000003844765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880af09aec7cd74d2021-12-22 11:44:52.444root 11241100x80000000000000003844766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e01715167e05d22021-12-22 11:44:52.444root 11241100x80000000000000003844767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24fae676826d1ef2021-12-22 11:44:52.444root 11241100x80000000000000003844768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae8722f610b98492021-12-22 11:44:52.444root 11241100x80000000000000003844769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408c8db431fb50622021-12-22 11:44:52.943root 11241100x80000000000000003844770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca88760bfdbbe8dc2021-12-22 11:44:52.943root 11241100x80000000000000003844771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52be3f4a9747534a2021-12-22 11:44:52.943root 11241100x80000000000000003844772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f56b9a1cafb8962021-12-22 11:44:52.943root 11241100x80000000000000003844773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7861fa257b2dabd62021-12-22 11:44:52.943root 11241100x80000000000000003844774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7c911fd53b6d072021-12-22 11:44:52.944root 11241100x80000000000000003844775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e46b489e8d955e2021-12-22 11:44:52.944root 11241100x80000000000000003844776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2062bbb69220862021-12-22 11:44:52.944root 11241100x80000000000000003844777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea36ef848ac624792021-12-22 11:44:52.944root 11241100x80000000000000003844778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe625a963817f4d02021-12-22 11:44:52.944root 11241100x80000000000000003844779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88eff99744cfff8e2021-12-22 11:44:52.944root 11241100x80000000000000003844780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c095bcfd519f15dc2021-12-22 11:44:52.944root 11241100x80000000000000003844781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2553ad338f5d4b7a2021-12-22 11:44:52.944root 11241100x80000000000000003844782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da7d7c8cd4531912021-12-22 11:44:52.944root 11241100x80000000000000003844783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed05bb373913e9f2021-12-22 11:44:52.944root 11241100x80000000000000003844784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8988a8adee1aa242021-12-22 11:44:52.945root 11241100x80000000000000003844785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f236123158f8c1ca2021-12-22 11:44:52.945root 11241100x80000000000000003844786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec61a6d1068e41452021-12-22 11:44:53.443root 11241100x80000000000000003844787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13f6aa6758970c92021-12-22 11:44:53.443root 11241100x80000000000000003844788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa569347e7be5cdb2021-12-22 11:44:53.443root 11241100x80000000000000003844789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acb1709223054072021-12-22 11:44:53.443root 11241100x80000000000000003844790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7402ce91fa36a3992021-12-22 11:44:53.444root 11241100x80000000000000003844791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba24ead402f1c8b2021-12-22 11:44:53.444root 11241100x80000000000000003844792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3887c2ec1474b92021-12-22 11:44:53.444root 11241100x80000000000000003844793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dfe0c6b41b5a792021-12-22 11:44:53.444root 11241100x80000000000000003844794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d17d8b547be5e32021-12-22 11:44:53.444root 11241100x80000000000000003844795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2953baa96bb915142021-12-22 11:44:53.444root 11241100x80000000000000003844796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d72ba09a79f00832021-12-22 11:44:53.444root 11241100x80000000000000003844797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eba7319ada64f72021-12-22 11:44:53.444root 11241100x80000000000000003844798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03262633ed9ffd142021-12-22 11:44:53.444root 11241100x80000000000000003844799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1d8a9dc280dc792021-12-22 11:44:53.444root 11241100x80000000000000003844800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93468cd11d65b4d42021-12-22 11:44:53.445root 11241100x80000000000000003844801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9ef3f7c51fc21d2021-12-22 11:44:53.445root 11241100x80000000000000003844802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d97904788008472021-12-22 11:44:53.445root 11241100x80000000000000003844803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f94bdba559def02021-12-22 11:44:53.943root 11241100x80000000000000003844804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe5dd69ca59e9522021-12-22 11:44:53.943root 11241100x80000000000000003844805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b1e5d7a512acee2021-12-22 11:44:53.943root 11241100x80000000000000003844806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e5588312b573ff2021-12-22 11:44:53.943root 11241100x80000000000000003844807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09c1955441a50422021-12-22 11:44:53.943root 11241100x80000000000000003844808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cecfbe44ce6ab42021-12-22 11:44:53.944root 11241100x80000000000000003844809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3736f09dc980f9bc2021-12-22 11:44:53.944root 11241100x80000000000000003844810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705efe45611bfd122021-12-22 11:44:53.944root 11241100x80000000000000003844811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cdaf7a793d662a2021-12-22 11:44:53.944root 11241100x80000000000000003844812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce741ef6a30579b2021-12-22 11:44:53.944root 11241100x80000000000000003844813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c855d1f18e8c492021-12-22 11:44:53.944root 11241100x80000000000000003844814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149291e0268372442021-12-22 11:44:53.944root 11241100x80000000000000003844815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127cf19c19966f312021-12-22 11:44:53.944root 11241100x80000000000000003844816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4205fb1cec9a382021-12-22 11:44:53.944root 11241100x80000000000000003844817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d59e588cc9a2b842021-12-22 11:44:53.944root 11241100x80000000000000003844818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b064586a488307d82021-12-22 11:44:53.945root 11241100x80000000000000003844819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2461825b4b9f95ba2021-12-22 11:44:53.945root 11241100x80000000000000003844820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d7c750519a06ea2021-12-22 11:44:54.443root 11241100x80000000000000003844821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891bdad776a3bba02021-12-22 11:44:54.443root 11241100x80000000000000003844822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483627e2021e09702021-12-22 11:44:54.443root 11241100x80000000000000003844823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcc2357f1ade9622021-12-22 11:44:54.443root 11241100x80000000000000003844824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5e7ff69c3599942021-12-22 11:44:54.444root 11241100x80000000000000003844825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e1868ebb42a3842021-12-22 11:44:54.444root 11241100x80000000000000003844826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64941f4d3081848f2021-12-22 11:44:54.444root 11241100x80000000000000003844827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ba36820f397a782021-12-22 11:44:54.444root 11241100x80000000000000003844828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59188449dc50a6a2021-12-22 11:44:54.444root 11241100x80000000000000003844829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037d43ff182b55e92021-12-22 11:44:54.444root 11241100x80000000000000003844830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73552ca7a134ec202021-12-22 11:44:54.444root 11241100x80000000000000003844831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1cbfda93f4ad902021-12-22 11:44:54.444root 11241100x80000000000000003844832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3544094f0a654c5b2021-12-22 11:44:54.444root 11241100x80000000000000003844833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e30e390eb1baae2021-12-22 11:44:54.444root 11241100x80000000000000003844834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867b4bd62dcc4172021-12-22 11:44:54.444root 11241100x80000000000000003844835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8d2d7b0ac811c62021-12-22 11:44:54.444root 11241100x80000000000000003844836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e90777f09a185a2021-12-22 11:44:54.444root 11241100x80000000000000003844837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fcc039e22516862021-12-22 11:44:54.943root 11241100x80000000000000003844838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253f5a84913cb4602021-12-22 11:44:54.943root 11241100x80000000000000003844839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b9b4aafa11723a2021-12-22 11:44:54.943root 11241100x80000000000000003844840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a971767e0eb72f2021-12-22 11:44:54.943root 11241100x80000000000000003844841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a431192b77c06d12021-12-22 11:44:54.944root 11241100x80000000000000003844842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ce0a068b040da2021-12-22 11:44:54.944root 11241100x80000000000000003844843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba873ddb7403f032021-12-22 11:44:54.944root 11241100x80000000000000003844844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0249b8442ec7a9462021-12-22 11:44:54.944root 11241100x80000000000000003844845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b29ac79dfaf76a2021-12-22 11:44:54.944root 11241100x80000000000000003844846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f64418723349502021-12-22 11:44:54.944root 11241100x80000000000000003844847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a0d7c5581a2ced2021-12-22 11:44:54.944root 11241100x80000000000000003844848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdaf5a395374cea2021-12-22 11:44:54.944root 11241100x80000000000000003844849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9cf9d06b5a4db62021-12-22 11:44:54.945root 11241100x80000000000000003844850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fafe637f0856d252021-12-22 11:44:54.945root 11241100x80000000000000003844851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b3f2e3b151d2002021-12-22 11:44:54.945root 11241100x80000000000000003844852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a400816e0a0f45502021-12-22 11:44:54.945root 11241100x80000000000000003844853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c46d86a95eb1b7c2021-12-22 11:44:54.945root 11241100x80000000000000003844854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed5fe9949fc46122021-12-22 11:44:55.443root 11241100x80000000000000003844855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548e1a089e6ef4ce2021-12-22 11:44:55.443root 11241100x80000000000000003844856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbf73d58a094f142021-12-22 11:44:55.443root 11241100x80000000000000003844857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8324e98455f4b32021-12-22 11:44:55.443root 11241100x80000000000000003844858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cd65f4b65875642021-12-22 11:44:55.444root 11241100x80000000000000003844859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe48a3c3a4f4b8d2021-12-22 11:44:55.444root 11241100x80000000000000003844860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0ed0d5c2d333572021-12-22 11:44:55.444root 11241100x80000000000000003844861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79ced31bc0b42912021-12-22 11:44:55.444root 11241100x80000000000000003844862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db65af9091377e962021-12-22 11:44:55.444root 11241100x80000000000000003844863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a201e0579cedef292021-12-22 11:44:55.444root 11241100x80000000000000003844864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1c4396e5e43d502021-12-22 11:44:55.444root 11241100x80000000000000003844865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a39978addce4d52021-12-22 11:44:55.444root 11241100x80000000000000003844866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fad812808b7c082021-12-22 11:44:55.444root 11241100x80000000000000003844867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5155c6d72a46e0b2021-12-22 11:44:55.444root 11241100x80000000000000003844868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e38996e90cca52021-12-22 11:44:55.445root 11241100x80000000000000003844869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b813d24c08cd2c02021-12-22 11:44:55.445root 11241100x80000000000000003844870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04aa33bf7b2cefe2021-12-22 11:44:55.445root 11241100x80000000000000003844871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f15a3c4932f942021-12-22 11:44:55.943root 11241100x80000000000000003844872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3763119b52139782021-12-22 11:44:55.943root 11241100x80000000000000003844873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203148e6dbb558292021-12-22 11:44:55.943root 11241100x80000000000000003844874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493bc72048e99b962021-12-22 11:44:55.943root 11241100x80000000000000003844875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e91e3ab5b73ef552021-12-22 11:44:55.944root 11241100x80000000000000003844876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3418adc3512ea92021-12-22 11:44:55.944root 11241100x80000000000000003844877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4744e600f06013132021-12-22 11:44:55.944root 11241100x80000000000000003844878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d713b0aa3e88744b2021-12-22 11:44:55.944root 11241100x80000000000000003844879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e132aaadd7ea2d2021-12-22 11:44:55.944root 11241100x80000000000000003844880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d231b04bac1d40b02021-12-22 11:44:55.944root 11241100x80000000000000003844881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9528ae1df1b1732021-12-22 11:44:55.944root 11241100x80000000000000003844882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8a1a2a2ddf7952021-12-22 11:44:55.944root 11241100x80000000000000003844883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c061ee9425cfe5842021-12-22 11:44:55.944root 11241100x80000000000000003844884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97ccc5a67d344c42021-12-22 11:44:55.944root 11241100x80000000000000003844885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25ab4d128e93b02021-12-22 11:44:55.945root 11241100x80000000000000003844886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4986ad5bda512fab2021-12-22 11:44:55.945root 11241100x80000000000000003844887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70978208a0ba44052021-12-22 11:44:55.945root 354300x80000000000000003844888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.158{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55398-false10.0.1.12-8000- 11241100x80000000000000003844889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59239f443e1d1a932021-12-22 11:44:56.443root 11241100x80000000000000003844890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1dfe7a0c02466592021-12-22 11:44:56.443root 11241100x80000000000000003844891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997f3acc67ff6bdf2021-12-22 11:44:56.443root 11241100x80000000000000003844892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31a4a833ac551272021-12-22 11:44:56.443root 11241100x80000000000000003844893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fa7fef376298992021-12-22 11:44:56.443root 11241100x80000000000000003844894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dafa584b9496622021-12-22 11:44:56.444root 11241100x80000000000000003844895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1953b3742859412021-12-22 11:44:56.444root 11241100x80000000000000003844896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af1a1c5fd70dac2021-12-22 11:44:56.444root 11241100x80000000000000003844897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e945d39dc64894932021-12-22 11:44:56.444root 11241100x80000000000000003844898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be99303e9af6591c2021-12-22 11:44:56.444root 11241100x80000000000000003844899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7616c6e79ee1a1bc2021-12-22 11:44:56.444root 11241100x80000000000000003844900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cf0ed7dcf5f0102021-12-22 11:44:56.444root 11241100x80000000000000003844901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd4c2678411e3a52021-12-22 11:44:56.444root 11241100x80000000000000003844902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dbb5d0db603b6d2021-12-22 11:44:56.444root 11241100x80000000000000003844903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084c8eaf0346e09e2021-12-22 11:44:56.445root 11241100x80000000000000003844904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a478ab9460b2de572021-12-22 11:44:56.445root 11241100x80000000000000003844905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33c207ef45eba662021-12-22 11:44:56.445root 11241100x80000000000000003844906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f253faee0fc236b2021-12-22 11:44:56.445root 11241100x80000000000000003844907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b66507c6c366b022021-12-22 11:44:56.943root 11241100x80000000000000003844908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1453e0151a29caa82021-12-22 11:44:56.943root 11241100x80000000000000003844909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200518f220a5d1b82021-12-22 11:44:56.943root 11241100x80000000000000003844910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fad36bc8f9e132b2021-12-22 11:44:56.943root 11241100x80000000000000003844911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c6ed2ccc6e53a42021-12-22 11:44:56.943root 11241100x80000000000000003844912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e80f6e8cef0444a2021-12-22 11:44:56.944root 11241100x80000000000000003844913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f537a39502246b6e2021-12-22 11:44:56.944root 11241100x80000000000000003844914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284726e05b750f1b2021-12-22 11:44:56.944root 11241100x80000000000000003844915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097f1de8923f8cc42021-12-22 11:44:56.944root 11241100x80000000000000003844916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8a39f747d736a12021-12-22 11:44:56.944root 11241100x80000000000000003844917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266369a8cf5d5d922021-12-22 11:44:56.944root 11241100x80000000000000003844918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f4e2ed504f2c442021-12-22 11:44:56.944root 11241100x80000000000000003844919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07344a46927f6b062021-12-22 11:44:56.944root 11241100x80000000000000003844920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690fe63b8093e3bf2021-12-22 11:44:56.944root 11241100x80000000000000003844921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dd06c6afacafde2021-12-22 11:44:56.944root 11241100x80000000000000003844922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543ce22e345d6502021-12-22 11:44:56.944root 11241100x80000000000000003844923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae961454795bd052021-12-22 11:44:56.944root 11241100x80000000000000003844924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a435faa333f7e80e2021-12-22 11:44:56.944root 11241100x80000000000000003844925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a9c9ce9a31e98c2021-12-22 11:44:57.443root 11241100x80000000000000003844926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff589d35f491eed2021-12-22 11:44:57.443root 11241100x80000000000000003844927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d8cea4553dafd72021-12-22 11:44:57.443root 11241100x80000000000000003844928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc3b69978a5ccc22021-12-22 11:44:57.443root 11241100x80000000000000003844929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7248ddf212d43192021-12-22 11:44:57.443root 11241100x80000000000000003844930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43de6e1099d630992021-12-22 11:44:57.444root 11241100x80000000000000003844931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783c09adf36030432021-12-22 11:44:57.444root 11241100x80000000000000003844932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7f749822ef181f2021-12-22 11:44:57.444root 11241100x80000000000000003844933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1829b76ef76efeb92021-12-22 11:44:57.444root 11241100x80000000000000003844934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dbc675cac2957d2021-12-22 11:44:57.444root 11241100x80000000000000003844935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b23a3cd1f1e7e82021-12-22 11:44:57.444root 11241100x80000000000000003844936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aaf55da02bf8e62021-12-22 11:44:57.444root 11241100x80000000000000003844937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dc5392d4e98fac2021-12-22 11:44:57.444root 11241100x80000000000000003844938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6564fa9843412dbe2021-12-22 11:44:57.444root 11241100x80000000000000003844939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8af3b42c0eb3362021-12-22 11:44:57.444root 11241100x80000000000000003844940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b31661414ddbd42021-12-22 11:44:57.444root 11241100x80000000000000003844941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a31dd042d08a6302021-12-22 11:44:57.444root 11241100x80000000000000003844942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d550c61b23efa072021-12-22 11:44:57.444root 11241100x80000000000000003844943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503eb970017c8dca2021-12-22 11:44:57.943root 11241100x80000000000000003844944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2152afd6257610f2021-12-22 11:44:57.943root 11241100x80000000000000003844945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a6cdb3972298f32021-12-22 11:44:57.943root 11241100x80000000000000003844946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078f81558e6d69462021-12-22 11:44:57.943root 11241100x80000000000000003844947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d6657d309092fc2021-12-22 11:44:57.943root 11241100x80000000000000003844948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611d0c88867fa06b2021-12-22 11:44:57.944root 11241100x80000000000000003844949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99f09c7ebaeb0a42021-12-22 11:44:57.944root 11241100x80000000000000003844950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ad4442d78002382021-12-22 11:44:57.944root 11241100x80000000000000003844951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2063e93f04cbe6fc2021-12-22 11:44:57.944root 11241100x80000000000000003844952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb48ec77c0c15592021-12-22 11:44:57.944root 11241100x80000000000000003844953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e7140106d1d2102021-12-22 11:44:57.944root 11241100x80000000000000003844954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91659b438f823862021-12-22 11:44:57.944root 11241100x80000000000000003844955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c71e49fe96071a2021-12-22 11:44:57.944root 11241100x80000000000000003844956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242ae8e8a3dc1c7b2021-12-22 11:44:57.944root 11241100x80000000000000003844957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4044e7010632a0c02021-12-22 11:44:57.944root 11241100x80000000000000003844958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb8d282333263362021-12-22 11:44:57.944root 11241100x80000000000000003844959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42af385c8498a94c2021-12-22 11:44:57.944root 11241100x80000000000000003844960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac22d4124aeba64f2021-12-22 11:44:57.944root 11241100x80000000000000003844961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c8a67544528d1d2021-12-22 11:44:58.443root 11241100x80000000000000003844962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68aa15a6de950af2021-12-22 11:44:58.443root 11241100x80000000000000003844963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f3318f67cbf7122021-12-22 11:44:58.443root 11241100x80000000000000003844964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d681ec307382f12021-12-22 11:44:58.443root 11241100x80000000000000003844965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11cecb2c5b7f8e2021-12-22 11:44:58.444root 11241100x80000000000000003844966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26892a1a0865f8772021-12-22 11:44:58.444root 11241100x80000000000000003844967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d8ccde9d56c1492021-12-22 11:44:58.444root 11241100x80000000000000003844968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29a61ad2ee21d372021-12-22 11:44:58.444root 11241100x80000000000000003844969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eff503982fd17fc2021-12-22 11:44:58.444root 11241100x80000000000000003844970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ce75d6cf1ce9832021-12-22 11:44:58.444root 11241100x80000000000000003844971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6adac523ecae702021-12-22 11:44:58.444root 11241100x80000000000000003844972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90f8f04cbc6457f52021-12-22 11:44:58.444root 11241100x80000000000000003844973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d599d24a8b42a22021-12-22 11:44:58.444root 11241100x80000000000000003844974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ccc9b63f9e239b2021-12-22 11:44:58.444root 11241100x80000000000000003844975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619277be7b4cf9302021-12-22 11:44:58.444root 11241100x80000000000000003844976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a231f20aaa526f72021-12-22 11:44:58.444root 11241100x80000000000000003844977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4175a9a85067aa2021-12-22 11:44:58.444root 11241100x80000000000000003844978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2cb161ad6aac032021-12-22 11:44:58.444root 11241100x80000000000000003844979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61498f0ac06ab3822021-12-22 11:44:58.943root 11241100x80000000000000003844980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc64e0038e2ef822021-12-22 11:44:58.943root 11241100x80000000000000003844981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ea958c15edc1a42021-12-22 11:44:58.943root 11241100x80000000000000003844982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966e671b82773f92021-12-22 11:44:58.943root 11241100x80000000000000003844983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a57bc339aef3482021-12-22 11:44:58.943root 11241100x80000000000000003844984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23efa768e4f846f82021-12-22 11:44:58.944root 11241100x80000000000000003844985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e76c9b4ffc2ddfe2021-12-22 11:44:58.944root 11241100x80000000000000003844986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e6b890669289462021-12-22 11:44:58.944root 11241100x80000000000000003844987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e251ee181af416f82021-12-22 11:44:58.944root 11241100x80000000000000003844988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4332060845a3342021-12-22 11:44:58.944root 11241100x80000000000000003844989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34dd9eedc14238422021-12-22 11:44:58.944root 11241100x80000000000000003844990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96769b38bf578eaf2021-12-22 11:44:58.944root 11241100x80000000000000003844991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c2f9e563ce6c762021-12-22 11:44:58.944root 11241100x80000000000000003844992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8eb993f0e0ad45d2021-12-22 11:44:58.944root 11241100x80000000000000003844993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d773f4269425332021-12-22 11:44:58.944root 11241100x80000000000000003844994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a27e1add2e8ec2021-12-22 11:44:58.944root 11241100x80000000000000003844995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90092cf133da46a2021-12-22 11:44:58.944root 11241100x80000000000000003844996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212036300a5d91342021-12-22 11:44:58.944root 11241100x80000000000000003844997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33754a0031e2fd842021-12-22 11:44:59.443root 11241100x80000000000000003844998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa7085dd06116572021-12-22 11:44:59.443root 11241100x80000000000000003844999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4669aa9b2dee0fb82021-12-22 11:44:59.443root 11241100x80000000000000003845000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3677a2c49ebde62021-12-22 11:44:59.443root 11241100x80000000000000003845001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787f15f767a88c52021-12-22 11:44:59.444root 11241100x80000000000000003845002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e6063ad1b5397f2021-12-22 11:44:59.444root 11241100x80000000000000003845003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb3eb4df82b7992021-12-22 11:44:59.444root 11241100x80000000000000003845004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5426f8abb02fbdf82021-12-22 11:44:59.444root 11241100x80000000000000003845005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df75e0292a7551a2021-12-22 11:44:59.444root 11241100x80000000000000003845006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d30c9776993b052021-12-22 11:44:59.444root 11241100x80000000000000003845007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40abf5fc80220e352021-12-22 11:44:59.444root 11241100x80000000000000003845008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d190a17f3ba6d72021-12-22 11:44:59.444root 11241100x80000000000000003845009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bb8d51371779222021-12-22 11:44:59.444root 11241100x80000000000000003845010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c0321af845f7b52021-12-22 11:44:59.444root 11241100x80000000000000003845011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b124f8131a6f39f2021-12-22 11:44:59.445root 11241100x80000000000000003845012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6aa96bc8fadc0392021-12-22 11:44:59.445root 11241100x80000000000000003845013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aeec3e766d3d2422021-12-22 11:44:59.445root 11241100x80000000000000003845014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442b7f9274f374c02021-12-22 11:44:59.445root 11241100x80000000000000003845015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96857fcf636a2a82021-12-22 11:44:59.943root 11241100x80000000000000003845016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086529921fa8c4792021-12-22 11:44:59.943root 11241100x80000000000000003845017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b965b3ee7977cb2021-12-22 11:44:59.943root 11241100x80000000000000003845018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d7963aadf9ce4042021-12-22 11:44:59.943root 11241100x80000000000000003845019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d7f6b16caad8612021-12-22 11:44:59.944root 11241100x80000000000000003845020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99b0c0a1b15670c2021-12-22 11:44:59.944root 11241100x80000000000000003845021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ded88fc88d327c2021-12-22 11:44:59.944root 11241100x80000000000000003845022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c001c38b8be1742021-12-22 11:44:59.944root 11241100x80000000000000003845023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e072d656c2e0ae2021-12-22 11:44:59.944root 11241100x80000000000000003845024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230dbe06e001da792021-12-22 11:44:59.944root 11241100x80000000000000003845025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6af8e4e3c8556a32021-12-22 11:44:59.944root 11241100x80000000000000003845026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff88e30a43293ead2021-12-22 11:44:59.944root 11241100x80000000000000003845027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0199ee9e8243d62021-12-22 11:44:59.944root 11241100x80000000000000003845028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ec0bc4ecdbcaa82021-12-22 11:44:59.945root 11241100x80000000000000003845029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663e453998fd08552021-12-22 11:44:59.945root 11241100x80000000000000003845030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c4c8a4c96c02f02021-12-22 11:44:59.945root 11241100x80000000000000003845031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480c3283014eeeeb2021-12-22 11:44:59.945root 11241100x80000000000000003845032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:44:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dbca5e5f1b2df82021-12-22 11:44:59.945root 11241100x80000000000000003845033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef921f391bb7af2021-12-22 11:45:00.443root 11241100x80000000000000003845034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4120b73c24ca02d02021-12-22 11:45:00.443root 11241100x80000000000000003845035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881b2995c91162ad2021-12-22 11:45:00.443root 11241100x80000000000000003845036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cde715502026952021-12-22 11:45:00.443root 11241100x80000000000000003845037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5624331a05eb18182021-12-22 11:45:00.444root 11241100x80000000000000003845038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8fd63f74bc16842021-12-22 11:45:00.444root 11241100x80000000000000003845039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9875e37de1911602021-12-22 11:45:00.444root 11241100x80000000000000003845040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d200ec4f6f73062021-12-22 11:45:00.444root 11241100x80000000000000003845041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6324e6cb7883c20b2021-12-22 11:45:00.444root 11241100x80000000000000003845042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7f1423a0f815192021-12-22 11:45:00.444root 11241100x80000000000000003845043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd838eba2219aaff2021-12-22 11:45:00.444root 11241100x80000000000000003845044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed06f75a9cbded22021-12-22 11:45:00.444root 11241100x80000000000000003845045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420095784ae6308f2021-12-22 11:45:00.444root 11241100x80000000000000003845046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba230821d9f4a3e62021-12-22 11:45:00.444root 11241100x80000000000000003845047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9221714bc05ce22021-12-22 11:45:00.444root 11241100x80000000000000003845048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6826e2782426a62021-12-22 11:45:00.444root 11241100x80000000000000003845049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7581be78188a2b92021-12-22 11:45:00.444root 11241100x80000000000000003845050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e5cd90a0025ae52021-12-22 11:45:00.444root 11241100x80000000000000003845051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb2c58fdc2c6c9a2021-12-22 11:45:00.943root 11241100x80000000000000003845052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d1b500e04fa1a22021-12-22 11:45:00.943root 11241100x80000000000000003845053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbf3de35035de672021-12-22 11:45:00.943root 11241100x80000000000000003845054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9c973b41c6a6ef2021-12-22 11:45:00.943root 11241100x80000000000000003845055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976a3628b6f2091e2021-12-22 11:45:00.944root 11241100x80000000000000003845056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291812ac0e7a2e622021-12-22 11:45:00.944root 11241100x80000000000000003845057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6064147926f483ca2021-12-22 11:45:00.944root 11241100x80000000000000003845058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52a857ccf53be2a2021-12-22 11:45:00.944root 11241100x80000000000000003845059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed3989475df571e2021-12-22 11:45:00.944root 11241100x80000000000000003845060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76491d01b85d9a412021-12-22 11:45:00.944root 11241100x80000000000000003845061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deff4f20f0f2f7402021-12-22 11:45:00.944root 11241100x80000000000000003845062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7820b6dcae35f202021-12-22 11:45:00.944root 11241100x80000000000000003845063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8119fc1c955c9b642021-12-22 11:45:00.944root 11241100x80000000000000003845064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b61178bd9d2913d2021-12-22 11:45:00.944root 11241100x80000000000000003845065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af24f4bc1f261f72021-12-22 11:45:00.944root 11241100x80000000000000003845066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b381c2987658ffc62021-12-22 11:45:00.944root 11241100x80000000000000003845067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8647a4f3cebc7bb32021-12-22 11:45:00.944root 11241100x80000000000000003845068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff24e7249bbc5b462021-12-22 11:45:00.944root 11241100x80000000000000003845069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4595acef240e682021-12-22 11:45:00.945root 11241100x80000000000000003845070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbc99e264e9a36f2021-12-22 11:45:00.946root 11241100x80000000000000003845071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a4806a65fe22cf2021-12-22 11:45:00.946root 11241100x80000000000000003845072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993d3861b9765d932021-12-22 11:45:00.946root 11241100x80000000000000003845073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7232ef9f3e117b582021-12-22 11:45:00.946root 11241100x80000000000000003845074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ade87624f3f46e2021-12-22 11:45:00.946root 11241100x80000000000000003845075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79be7c2113633be72021-12-22 11:45:00.946root 11241100x80000000000000003845076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d83ce5182c41eb2021-12-22 11:45:00.947root 11241100x80000000000000003845077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e410b2d17cde2ed2021-12-22 11:45:00.947root 11241100x80000000000000003845078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670ed3a8bc33f8b92021-12-22 11:45:00.947root 11241100x80000000000000003845079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19231c09e3e9eb32021-12-22 11:45:00.947root 11241100x80000000000000003845080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bddd941de382b52021-12-22 11:45:00.947root 11241100x80000000000000003845081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2880286111bb282021-12-22 11:45:00.947root 354300x80000000000000003845082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.237{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55400-false10.0.1.12-8000- 11241100x80000000000000003845083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4141da35ca64ecdc2021-12-22 11:45:01.239root 11241100x80000000000000003845084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6171b0f4f27a7852021-12-22 11:45:01.239root 11241100x80000000000000003845085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24465c8d48c988d32021-12-22 11:45:01.239root 11241100x80000000000000003845086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275b46037f5668af2021-12-22 11:45:01.240root 11241100x80000000000000003845087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a53982301648032021-12-22 11:45:01.240root 11241100x80000000000000003845088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c595e12cc99ae022021-12-22 11:45:01.240root 11241100x80000000000000003845089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956561c7b0c3b86e2021-12-22 11:45:01.240root 11241100x80000000000000003845090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509a21b78388c3b92021-12-22 11:45:01.240root 11241100x80000000000000003845091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48fdaee8c15b0bf2021-12-22 11:45:01.240root 11241100x80000000000000003845092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d91c1f53784c102021-12-22 11:45:01.241root 11241100x80000000000000003845093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0306c8fce7caddcb2021-12-22 11:45:01.241root 11241100x80000000000000003845094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857fa4479d688d512021-12-22 11:45:01.241root 11241100x80000000000000003845095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8865f8429f23601c2021-12-22 11:45:01.241root 11241100x80000000000000003845096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affcef63df8ea0dc2021-12-22 11:45:01.241root 11241100x80000000000000003845097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295b99f540e42c5f2021-12-22 11:45:01.242root 11241100x80000000000000003845098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dda32bb87a38eb2021-12-22 11:45:01.242root 11241100x80000000000000003845099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2a8d5959bab0762021-12-22 11:45:01.242root 11241100x80000000000000003845100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30da003507fb4312021-12-22 11:45:01.242root 11241100x80000000000000003845101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9aa7a975bb29582021-12-22 11:45:01.242root 11241100x80000000000000003845102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd22055a0f93ceb52021-12-22 11:45:01.693root 11241100x80000000000000003845103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f20002fd45702b2021-12-22 11:45:01.693root 11241100x80000000000000003845104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedbc794b7bbd28d2021-12-22 11:45:01.694root 11241100x80000000000000003845105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b9fd59ca6886752021-12-22 11:45:01.694root 11241100x80000000000000003845106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1e4765675c06b72021-12-22 11:45:01.694root 11241100x80000000000000003845107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b288dc76d066e72021-12-22 11:45:01.694root 11241100x80000000000000003845108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdca81c3a65cb482021-12-22 11:45:01.694root 11241100x80000000000000003845109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4666a29c63cb37232021-12-22 11:45:01.695root 11241100x80000000000000003845110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc94d7cd10fbc40d2021-12-22 11:45:01.695root 11241100x80000000000000003845111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bcfd327edd2ab72021-12-22 11:45:01.695root 11241100x80000000000000003845112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6acc8b29a3d56c2021-12-22 11:45:01.695root 11241100x80000000000000003845113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8a5db16c441f6b2021-12-22 11:45:01.695root 11241100x80000000000000003845114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6af722264e506a2021-12-22 11:45:01.695root 11241100x80000000000000003845115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b3ac84a34e45ed2021-12-22 11:45:01.696root 11241100x80000000000000003845116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df207ea7ea8a5222021-12-22 11:45:01.696root 11241100x80000000000000003845117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c32c67d0945c552021-12-22 11:45:01.696root 11241100x80000000000000003845118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6cb1f9ae227d522021-12-22 11:45:01.696root 11241100x80000000000000003845119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd26f06777991b12021-12-22 11:45:01.696root 11241100x80000000000000003845120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93b44505f91428a2021-12-22 11:45:01.696root 11241100x80000000000000003845121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70511c543d2bf322021-12-22 11:45:02.193root 11241100x80000000000000003845122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cfb6228246a2f82021-12-22 11:45:02.193root 11241100x80000000000000003845123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11559381fbf205892021-12-22 11:45:02.193root 11241100x80000000000000003845124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4fa1c2ec4aab92f2021-12-22 11:45:02.193root 11241100x80000000000000003845125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05762f924b01e352021-12-22 11:45:02.193root 11241100x80000000000000003845126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fccfa9a4424bdc2021-12-22 11:45:02.193root 11241100x80000000000000003845127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83fef249deb6a0e2021-12-22 11:45:02.193root 11241100x80000000000000003845128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c380df42f2165b2021-12-22 11:45:02.194root 11241100x80000000000000003845129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e072a37412fca3d2021-12-22 11:45:02.194root 11241100x80000000000000003845130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a99092d3cba3f52021-12-22 11:45:02.194root 11241100x80000000000000003845131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfac8b89346bb2c2021-12-22 11:45:02.194root 11241100x80000000000000003845132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a56c5a873745d092021-12-22 11:45:02.194root 11241100x80000000000000003845133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3060365a0fab1bf2021-12-22 11:45:02.194root 11241100x80000000000000003845134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d30abbb044552c62021-12-22 11:45:02.194root 11241100x80000000000000003845135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381e861e165910d42021-12-22 11:45:02.194root 11241100x80000000000000003845136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8a8c59be5f5aac2021-12-22 11:45:02.195root 11241100x80000000000000003845137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a1d786a1e6519c2021-12-22 11:45:02.195root 11241100x80000000000000003845138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40883a7549ab668b2021-12-22 11:45:02.195root 11241100x80000000000000003845139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c2b99962ceb6cf2021-12-22 11:45:02.195root 11241100x80000000000000003845140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8483e5a56864842021-12-22 11:45:02.195root 11241100x80000000000000003845141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440937f5c574f6a12021-12-22 11:45:02.195root 11241100x80000000000000003845142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031132ed60d50da02021-12-22 11:45:02.196root 11241100x80000000000000003845143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b3eb5dccfbc00e2021-12-22 11:45:02.196root 11241100x80000000000000003845144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d5202a63091e3b2021-12-22 11:45:02.196root 11241100x80000000000000003845145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5aced5e9181fe2e2021-12-22 11:45:02.196root 11241100x80000000000000003845146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11327eef0c6398992021-12-22 11:45:02.693root 11241100x80000000000000003845147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ccb8187785bf762021-12-22 11:45:02.693root 11241100x80000000000000003845148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf508ad0d44bc8df2021-12-22 11:45:02.693root 11241100x80000000000000003845149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07275d12d2de7d42021-12-22 11:45:02.693root 11241100x80000000000000003845150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dcdc26f712ad112021-12-22 11:45:02.694root 11241100x80000000000000003845151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1088fe81726de92021-12-22 11:45:02.694root 11241100x80000000000000003845152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ca56cbd4f3ef122021-12-22 11:45:02.694root 11241100x80000000000000003845153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe38f05e85ad76e2021-12-22 11:45:02.694root 11241100x80000000000000003845154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbd743e635dda8f2021-12-22 11:45:02.694root 11241100x80000000000000003845155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bec63b4205756002021-12-22 11:45:02.694root 11241100x80000000000000003845156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0846479a8593f3672021-12-22 11:45:02.694root 11241100x80000000000000003845157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0514e1eed0a422021-12-22 11:45:02.694root 23542300x80000000000000003845178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003845179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8bac15ba2bd0442021-12-22 11:45:06.442root 534500x80000000000000003845180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.772{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x80000000000000003845181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:06.773{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1a184194e25e9b2021-12-22 11:45:06.773root 11241100x80000000000000003845182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4823bcc3d9da802021-12-22 11:45:07.192root 11241100x80000000000000003845183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99c0f514de8b8292021-12-22 11:45:07.192root 354300x80000000000000003845184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.225{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55402-false10.0.1.12-8000- 11241100x80000000000000003845185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d56ff7b7852dcc2021-12-22 11:45:07.692root 11241100x80000000000000003845186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d6668425548c7f2021-12-22 11:45:07.693root 11241100x80000000000000003845187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca2f7f80c10d3252021-12-22 11:45:07.693root 11241100x80000000000000003845188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e5098bb77cd2892021-12-22 11:45:08.192root 11241100x80000000000000003845189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc47ab416e11cf2b2021-12-22 11:45:08.193root 11241100x80000000000000003845190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5105feee06e37f6a2021-12-22 11:45:08.193root 11241100x80000000000000003845191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177faadef05dcfe92021-12-22 11:45:08.692root 11241100x80000000000000003845192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cee79fdacefdd642021-12-22 11:45:08.693root 11241100x80000000000000003845193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3a7db44ad670032021-12-22 11:45:08.693root 11241100x80000000000000003845194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c51e6f551757792021-12-22 11:45:09.192root 11241100x80000000000000003845195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0190dddb4a531a0e2021-12-22 11:45:09.193root 11241100x80000000000000003845196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5917d390d58965032021-12-22 11:45:09.193root 11241100x80000000000000003845197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6effa925b8c79e42021-12-22 11:45:09.692root 11241100x80000000000000003845198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e1b51e3e8331882021-12-22 11:45:09.693root 11241100x80000000000000003845199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9b051c83baea762021-12-22 11:45:09.693root 11241100x80000000000000003845200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e3732ab67937b32021-12-22 11:45:10.192root 11241100x80000000000000003845201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16d1305e4d8747b2021-12-22 11:45:10.193root 11241100x80000000000000003845202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60cc34b206e1c712021-12-22 11:45:10.193root 11241100x80000000000000003845203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69fa974a25ed9e72021-12-22 11:45:10.692root 11241100x80000000000000003845204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ced2573a9d10fa2021-12-22 11:45:10.693root 11241100x80000000000000003845205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c15fa4f9527e3f72021-12-22 11:45:10.693root 11241100x80000000000000003845206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102d9a31e08054092021-12-22 11:45:11.192root 11241100x80000000000000003845207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a674a8410abc412021-12-22 11:45:11.193root 11241100x80000000000000003845208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220628494fee58222021-12-22 11:45:11.193root 11241100x80000000000000003845209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a0185d483844312021-12-22 11:45:11.692root 11241100x80000000000000003845210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f3cdfc3c9019662021-12-22 11:45:11.693root 11241100x80000000000000003845211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cf70b64cabf2032021-12-22 11:45:11.693root 11241100x80000000000000003845212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdfcfd70ff075732021-12-22 11:45:12.192root 11241100x80000000000000003845213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f8584b3c0639092021-12-22 11:45:12.193root 11241100x80000000000000003845214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e57fd89f39c3572021-12-22 11:45:12.193root 11241100x80000000000000003845215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b489394c960aaa942021-12-22 11:45:12.692root 11241100x80000000000000003845216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f5c159dec81b352021-12-22 11:45:12.692root 11241100x80000000000000003845217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986fa0a8163964d82021-12-22 11:45:12.693root 11241100x80000000000000003845218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0351c6503b6b7722021-12-22 11:45:13.192root 11241100x80000000000000003845219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da5dc9d73f95b5fb2021-12-22 11:45:13.193root 11241100x80000000000000003845220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd2219cf7153a292021-12-22 11:45:13.193root 354300x80000000000000003845221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.198{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55404-false10.0.1.12-8000- 11241100x80000000000000003845222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b448fd5c938ab0d2021-12-22 11:45:13.693root 11241100x80000000000000003845223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6d6f74536c89232021-12-22 11:45:13.693root 11241100x80000000000000003845224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3c7abbdb17a8d02021-12-22 11:45:13.693root 11241100x80000000000000003845225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19286bedc4fb44d2021-12-22 11:45:13.693root 11241100x80000000000000003845226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a908179fa1f9d342021-12-22 11:45:14.192root 11241100x80000000000000003845227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c200a2593b20632021-12-22 11:45:14.193root 11241100x80000000000000003845228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f635b8a933480cc42021-12-22 11:45:14.193root 11241100x80000000000000003845229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16823882860258b12021-12-22 11:45:14.193root 11241100x80000000000000003845230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ccd6141231ce54d2021-12-22 11:45:14.692root 11241100x80000000000000003845231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a91ef5056333a9e2021-12-22 11:45:14.693root 11241100x80000000000000003845232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046fa2e2d052e6c52021-12-22 11:45:14.693root 11241100x80000000000000003845233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bc4e06c1a917392021-12-22 11:45:14.693root 11241100x80000000000000003845234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1013f9362f322a2021-12-22 11:45:15.192root 11241100x80000000000000003845235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7d2d48796f5302021-12-22 11:45:15.193root 11241100x80000000000000003845236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d4b72c699101af2021-12-22 11:45:15.193root 11241100x80000000000000003845237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cf593f190516682021-12-22 11:45:15.193root 11241100x80000000000000003845238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34941abffbb62c22021-12-22 11:45:15.692root 11241100x80000000000000003845239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba7ae344812b5d92021-12-22 11:45:15.693root 11241100x80000000000000003845240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37fb00368bb38d2021-12-22 11:45:15.693root 11241100x80000000000000003845241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5fdab79b87ff1a2021-12-22 11:45:15.693root 11241100x80000000000000003845242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88bf6611a540e952021-12-22 11:45:16.192root 11241100x80000000000000003845243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c71546957a121f2021-12-22 11:45:16.193root 11241100x80000000000000003845244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5b8f41dec1bcae2021-12-22 11:45:16.193root 11241100x80000000000000003845245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca3149389c659e12021-12-22 11:45:16.193root 11241100x80000000000000003845246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e52d275ee118cd2021-12-22 11:45:16.692root 11241100x80000000000000003845247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961646c0fb4a639c2021-12-22 11:45:16.693root 11241100x80000000000000003845248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ece04db4e08abc2021-12-22 11:45:16.693root 11241100x80000000000000003845249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3152d519ca8ead842021-12-22 11:45:16.693root 11241100x80000000000000003845250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96187c7e52a064a72021-12-22 11:45:17.192root 11241100x80000000000000003845251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee38abbfe39205c2021-12-22 11:45:17.193root 11241100x80000000000000003845252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cde0d5f424228cf2021-12-22 11:45:17.193root 11241100x80000000000000003845253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c591a214c81941d82021-12-22 11:45:17.193root 11241100x80000000000000003845254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ac065f6b7fbf432021-12-22 11:45:17.692root 11241100x80000000000000003845255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8316fe39d4253ed62021-12-22 11:45:17.693root 11241100x80000000000000003845256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c21a0df8d678ad2021-12-22 11:45:17.693root 11241100x80000000000000003845257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb70d0db29b887b2021-12-22 11:45:17.693root 11241100x80000000000000003845258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a6c62f5b1391752021-12-22 11:45:18.193root 11241100x80000000000000003845259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db765817b519e12e2021-12-22 11:45:18.193root 11241100x80000000000000003845260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32efc09c38a88cc92021-12-22 11:45:18.193root 11241100x80000000000000003845261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71422b437d0de4582021-12-22 11:45:18.193root 11241100x80000000000000003845262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a576d487b71f882021-12-22 11:45:18.692root 11241100x80000000000000003845263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3009e4e4197c35e82021-12-22 11:45:18.693root 11241100x80000000000000003845264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b32569c6ec35572021-12-22 11:45:18.693root 11241100x80000000000000003845265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6ef50c0a59c1632021-12-22 11:45:18.693root 354300x80000000000000003845266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.077{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55406-false10.0.1.12-8000- 11241100x80000000000000003845267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0c1f3976221a3f2021-12-22 11:45:19.078root 11241100x80000000000000003845268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d156550c94b15e292021-12-22 11:45:19.078root 11241100x80000000000000003845269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01045864c3c178ec2021-12-22 11:45:19.079root 11241100x80000000000000003845270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.079{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7228b8a587a354d2021-12-22 11:45:19.079root 11241100x80000000000000003845271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4572146a6e39ff3a2021-12-22 11:45:19.443root 11241100x80000000000000003845272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f684378d36c8d02021-12-22 11:45:19.443root 11241100x80000000000000003845273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7274677dc208dc2021-12-22 11:45:19.443root 11241100x80000000000000003845274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1c1ac6ffc1d2752021-12-22 11:45:19.443root 11241100x80000000000000003845275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75220dd8966179d92021-12-22 11:45:19.444root 11241100x80000000000000003845276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e410d40a3b6679d2021-12-22 11:45:19.943root 11241100x80000000000000003845277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10cf3c5a79ec3042021-12-22 11:45:19.943root 11241100x80000000000000003845278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46371cd066d702f72021-12-22 11:45:19.943root 11241100x80000000000000003845279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8eabe2b68dddb92021-12-22 11:45:19.943root 11241100x80000000000000003845280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44897220561b1d7f2021-12-22 11:45:19.943root 11241100x80000000000000003845281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4797d7c10705b92021-12-22 11:45:20.443root 11241100x80000000000000003845282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef25b878b44b75c02021-12-22 11:45:20.443root 11241100x80000000000000003845283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab93aa409ce4af222021-12-22 11:45:20.443root 11241100x80000000000000003845284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7ed569463af3c32021-12-22 11:45:20.443root 11241100x80000000000000003845285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45fdd263fd03fa02021-12-22 11:45:20.443root 11241100x80000000000000003845286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725653f2c3bfab612021-12-22 11:45:20.943root 11241100x80000000000000003845287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aef2f50effef29c2021-12-22 11:45:20.943root 11241100x80000000000000003845288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2466e614d948f58a2021-12-22 11:45:20.943root 11241100x80000000000000003845289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba475fa4957df112021-12-22 11:45:20.944root 11241100x80000000000000003845290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462c57a326059bc82021-12-22 11:45:20.944root 11241100x80000000000000003845291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2202bba3df7366f2021-12-22 11:45:21.442root 11241100x80000000000000003845292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5bf84c161dd5a2021-12-22 11:45:21.443root 11241100x80000000000000003845293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3715c71823e3ef2021-12-22 11:45:21.443root 11241100x80000000000000003845294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfd4a930f079c1c2021-12-22 11:45:21.443root 11241100x80000000000000003845295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0e4fb64395e3fb2021-12-22 11:45:21.443root 11241100x80000000000000003845296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7e7bbd7bf31b132021-12-22 11:45:21.942root 11241100x80000000000000003845297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8395815d6b54c3392021-12-22 11:45:21.943root 11241100x80000000000000003845298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4024cc48f777ba42021-12-22 11:45:21.943root 11241100x80000000000000003845299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f31ccc1b61f019e2021-12-22 11:45:21.943root 11241100x80000000000000003845300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30cedf695565317d2021-12-22 11:45:21.943root 11241100x80000000000000003845301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f571ab134bbc10ed2021-12-22 11:45:22.443root 11241100x80000000000000003845302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14630166f7cf304e2021-12-22 11:45:22.443root 11241100x80000000000000003845303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee6debaba912ddc2021-12-22 11:45:22.443root 11241100x80000000000000003845304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67139b53efb2a72021-12-22 11:45:22.443root 11241100x80000000000000003845305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b43ac07f74d95d2021-12-22 11:45:22.443root 11241100x80000000000000003845306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8267f9f017a83e2021-12-22 11:45:22.942root 11241100x80000000000000003845307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a106da5545a111a2021-12-22 11:45:22.943root 11241100x80000000000000003845308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc49a9fab22a8e052021-12-22 11:45:22.943root 11241100x80000000000000003845309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1986121939a64ab22021-12-22 11:45:22.943root 11241100x80000000000000003845310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d2c6b5a7f5b91c2021-12-22 11:45:22.943root 11241100x80000000000000003845311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278cd9fb137f57012021-12-22 11:45:23.443root 11241100x80000000000000003845312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c23fe4a87dc9ed2021-12-22 11:45:23.443root 11241100x80000000000000003845313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836f8d47f2f3ab532021-12-22 11:45:23.443root 11241100x80000000000000003845314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522a244235f492432021-12-22 11:45:23.443root 11241100x80000000000000003845315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a83143b8e0ac9d32021-12-22 11:45:23.443root 11241100x80000000000000003845316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4766ff81fb8816cc2021-12-22 11:45:23.942root 11241100x80000000000000003845317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543740a1a39822192021-12-22 11:45:23.943root 11241100x80000000000000003845318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c8ca2950921ba22021-12-22 11:45:23.943root 11241100x80000000000000003845319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d150ed508cb352021-12-22 11:45:23.943root 11241100x80000000000000003845320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bff9498e263d9f92021-12-22 11:45:23.943root 354300x80000000000000003845321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.158{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55408-false10.0.1.12-8000- 11241100x80000000000000003845322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3beb08f775edf2e2021-12-22 11:45:24.443root 11241100x80000000000000003845323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.867d7450f7c98a2e2021-12-22 11:45:24.443root 11241100x80000000000000003845324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f691f8a62f057eb92021-12-22 11:45:24.443root 11241100x80000000000000003845325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f35c17351268a2021-12-22 11:45:24.443root 11241100x80000000000000003845326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6227cf9ec42d8e2021-12-22 11:45:24.443root 11241100x80000000000000003845327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10daafbda1c7ec42021-12-22 11:45:24.443root 11241100x80000000000000003845328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18c6f4b93af42062021-12-22 11:45:24.943root 11241100x80000000000000003845329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67354fe37c7743e2021-12-22 11:45:24.943root 11241100x80000000000000003845330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbe8d75c334101f2021-12-22 11:45:24.943root 11241100x80000000000000003845331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e158ef5e1ce0cd162021-12-22 11:45:24.943root 11241100x80000000000000003845332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add4abf021c4270b2021-12-22 11:45:24.943root 11241100x80000000000000003845333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af0453a9d9bd9c72021-12-22 11:45:24.943root 11241100x80000000000000003845334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8d7d78beb99f62021-12-22 11:45:25.443root 11241100x80000000000000003845335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2f73fe3591babb2021-12-22 11:45:25.443root 11241100x80000000000000003845336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81673ea11e9774922021-12-22 11:45:25.443root 11241100x80000000000000003845337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ebeb3ffdaed5752021-12-22 11:45:25.443root 11241100x80000000000000003845338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afb552a2782ae5132021-12-22 11:45:25.443root 11241100x80000000000000003845339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60274b18e47d8e0c2021-12-22 11:45:25.443root 11241100x80000000000000003845340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ac834c11b72d7e2021-12-22 11:45:25.943root 11241100x80000000000000003845341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f09172756fd5df2021-12-22 11:45:25.943root 11241100x80000000000000003845342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9433efde121f13622021-12-22 11:45:25.943root 11241100x80000000000000003845343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf4c471cf4337172021-12-22 11:45:25.943root 11241100x80000000000000003845344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2063c5d2b38f2f5f2021-12-22 11:45:25.943root 11241100x80000000000000003845345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815546bd148c41a22021-12-22 11:45:25.943root 11241100x80000000000000003845346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f372c70c3de65e02021-12-22 11:45:26.443root 11241100x80000000000000003845347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9614bc38eec312022021-12-22 11:45:26.443root 11241100x80000000000000003845348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4cfe5edc1b643c82021-12-22 11:45:26.443root 11241100x80000000000000003845349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e95aa93f9d59742021-12-22 11:45:26.443root 11241100x80000000000000003845350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28710dbb941f8662021-12-22 11:45:26.443root 11241100x80000000000000003845351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12292989bb06061d2021-12-22 11:45:26.443root 11241100x80000000000000003845352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfbb07395c1b4722021-12-22 11:45:26.943root 11241100x80000000000000003845353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa4c4e712983d7b2021-12-22 11:45:26.943root 11241100x80000000000000003845354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949d0fe66b04a7fb2021-12-22 11:45:26.943root 11241100x80000000000000003845355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d89b4f61f4aa632021-12-22 11:45:26.943root 11241100x80000000000000003845356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0c3ae105e242a52021-12-22 11:45:26.943root 11241100x80000000000000003845357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71829e76b65d968f2021-12-22 11:45:26.943root 11241100x80000000000000003845358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63524ea9490b13342021-12-22 11:45:27.443root 11241100x80000000000000003845359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79d0b81e431d0652021-12-22 11:45:27.443root 11241100x80000000000000003845360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc352946b4086aee2021-12-22 11:45:27.443root 11241100x80000000000000003845361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816ac7ca058710752021-12-22 11:45:27.443root 11241100x80000000000000003845362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452c2deae300694c2021-12-22 11:45:27.443root 11241100x80000000000000003845363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dfdd3dc1f740df92021-12-22 11:45:27.443root 11241100x80000000000000003845364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3867ba907d0723902021-12-22 11:45:27.943root 11241100x80000000000000003845365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e370e93a2bb919672021-12-22 11:45:27.943root 11241100x80000000000000003845366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86042471dc4ba0cc2021-12-22 11:45:27.943root 11241100x80000000000000003845367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a254abb980f3802021-12-22 11:45:27.943root 11241100x80000000000000003845368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567d098287404e552021-12-22 11:45:27.943root 11241100x80000000000000003845369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16fedd02bab907b2021-12-22 11:45:27.943root 11241100x80000000000000003845370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83678cd99e4145602021-12-22 11:45:28.443root 11241100x80000000000000003845371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e882fe49fc489cd2021-12-22 11:45:28.443root 11241100x80000000000000003845372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1709acf29b064ec2021-12-22 11:45:28.443root 11241100x80000000000000003845373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1088feebe7039fb12021-12-22 11:45:28.443root 11241100x80000000000000003845374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfbd32b075f88972021-12-22 11:45:28.443root 11241100x80000000000000003845375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5605844a0efa7a5f2021-12-22 11:45:28.443root 11241100x80000000000000003845376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c04f722f692f9f2021-12-22 11:45:28.943root 11241100x80000000000000003845377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5903c26e279844902021-12-22 11:45:28.943root 11241100x80000000000000003845378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8db4168651821b2021-12-22 11:45:28.943root 11241100x80000000000000003845379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a196a62f2a312a452021-12-22 11:45:28.943root 11241100x80000000000000003845380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adf492326a20a2b2021-12-22 11:45:28.943root 11241100x80000000000000003845381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4528285f758108e2021-12-22 11:45:28.943root 354300x80000000000000003845382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.186{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55410-false10.0.1.12-8000- 11241100x80000000000000003845383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f818dc4d2f4314c2021-12-22 11:45:29.443root 11241100x80000000000000003845384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f12782d003257a2021-12-22 11:45:29.443root 11241100x80000000000000003845385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881a3ccaccb7145c2021-12-22 11:45:29.443root 11241100x80000000000000003845386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7eb10face1b4d5c2021-12-22 11:45:29.443root 11241100x80000000000000003845387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0017b439ab571bbd2021-12-22 11:45:29.443root 11241100x80000000000000003845388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990683e58e8299032021-12-22 11:45:29.443root 11241100x80000000000000003845389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9d17ad31ff41832021-12-22 11:45:29.443root 154100x80000000000000003845390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.585{ec2b6afe-0fd9-61c3-6844-cd328c550000}19054/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003845391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.595{ec2b6afe-0fd9-61c3-6844-cd328c550000}19054/bin/psroot 11241100x80000000000000003845392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4bfe33bfcc8e202021-12-22 11:45:29.943root 11241100x80000000000000003845393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d587a66d74eb102021-12-22 11:45:29.943root 11241100x80000000000000003845394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9505befbccdd9d462021-12-22 11:45:29.943root 11241100x80000000000000003845395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d2d1c85190baec2021-12-22 11:45:29.944root 11241100x80000000000000003845396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac6b7faaa9a90fc2021-12-22 11:45:29.944root 11241100x80000000000000003845397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499bfa64f64a6f9d2021-12-22 11:45:29.944root 11241100x80000000000000003845398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff64f3df2f3c40802021-12-22 11:45:29.944root 11241100x80000000000000003845399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40e68c6cb03b4b72021-12-22 11:45:29.945root 11241100x80000000000000003845400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3120cde173a2012021-12-22 11:45:29.945root 11241100x80000000000000003845401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e8dfd7a4960d342021-12-22 11:45:30.443root 11241100x80000000000000003845402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a56a9f31e12c2162021-12-22 11:45:30.443root 11241100x80000000000000003845403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e08df24acfdcd52021-12-22 11:45:30.443root 11241100x80000000000000003845404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def5216757fa81d22021-12-22 11:45:30.443root 11241100x80000000000000003845405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30eff0fde19c689b2021-12-22 11:45:30.443root 11241100x80000000000000003845406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3109ec4e1d11c2c12021-12-22 11:45:30.443root 11241100x80000000000000003845407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6729e6a80d60232021-12-22 11:45:30.443root 11241100x80000000000000003845408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39188fc5c0421edb2021-12-22 11:45:30.443root 11241100x80000000000000003845409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372b0124aa7baa292021-12-22 11:45:30.444root 11241100x80000000000000003845410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45743ed43fba15c2021-12-22 11:45:30.943root 11241100x80000000000000003845411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f9036ae2c244732021-12-22 11:45:30.943root 11241100x80000000000000003845412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd79dff27d3be4d2021-12-22 11:45:30.943root 11241100x80000000000000003845413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d804a241711b1762021-12-22 11:45:30.943root 11241100x80000000000000003845414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e010f9f7e2f33a2021-12-22 11:45:30.943root 11241100x80000000000000003845415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38effff4839399bf2021-12-22 11:45:30.943root 11241100x80000000000000003845416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd2ae9cf31427aa2021-12-22 11:45:30.943root 11241100x80000000000000003845417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7debc4508e2d232021-12-22 11:45:30.943root 11241100x80000000000000003845418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de67cfb59b2d60012021-12-22 11:45:30.943root 11241100x80000000000000003845419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0833d9806d02f82021-12-22 11:45:31.443root 11241100x80000000000000003845420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11a5f1b3dc5d58c2021-12-22 11:45:31.443root 11241100x80000000000000003845421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d5a30bfea902982021-12-22 11:45:31.443root 11241100x80000000000000003845422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6345c61a430ec02021-12-22 11:45:31.443root 11241100x80000000000000003845423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a68b478c64f2cc2021-12-22 11:45:31.443root 11241100x80000000000000003845424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfc6e43ed630e0c2021-12-22 11:45:31.443root 11241100x80000000000000003845425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef39ed9f7ac0d2d2021-12-22 11:45:31.443root 11241100x80000000000000003845426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34882d87b5b30cc2021-12-22 11:45:31.443root 11241100x80000000000000003845427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2637a3d8da9f29e2021-12-22 11:45:31.443root 11241100x80000000000000003845428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1769b79a43bd98b32021-12-22 11:45:31.943root 11241100x80000000000000003845429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1201fc1b6be1c5262021-12-22 11:45:31.943root 11241100x80000000000000003845430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9892e32b101c4d1f2021-12-22 11:45:31.943root 11241100x80000000000000003845431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318d328479ec49f72021-12-22 11:45:31.943root 11241100x80000000000000003845432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aa3b7e64fb1c022021-12-22 11:45:31.944root 11241100x80000000000000003845433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56db9155ab20fb3a2021-12-22 11:45:31.944root 11241100x80000000000000003845434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f7dafe058e36612021-12-22 11:45:31.944root 11241100x80000000000000003845435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf172bdc197b646e2021-12-22 11:45:31.945root 11241100x80000000000000003845436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d438f934ebc0052021-12-22 11:45:31.945root 11241100x80000000000000003845437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d3a3f0c445afd02021-12-22 11:45:32.443root 11241100x80000000000000003845438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e48b70760bbb152021-12-22 11:45:32.443root 11241100x80000000000000003845439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e766ee92f901f12021-12-22 11:45:32.443root 11241100x80000000000000003845440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03801047f75c7dbd2021-12-22 11:45:32.443root 11241100x80000000000000003845441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18709d8cc3a5a712021-12-22 11:45:32.443root 11241100x80000000000000003845442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75868cfb75ef1a1b2021-12-22 11:45:32.443root 11241100x80000000000000003845443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3da85ec1696cec32021-12-22 11:45:32.444root 11241100x80000000000000003845444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7037e20b240a9a612021-12-22 11:45:32.444root 11241100x80000000000000003845445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8868913afec9e7972021-12-22 11:45:32.444root 11241100x80000000000000003845446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4730326242f58172021-12-22 11:45:32.943root 11241100x80000000000000003845447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ae749a1ff37f4b2021-12-22 11:45:32.943root 11241100x80000000000000003845448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16e65200e82fb2e2021-12-22 11:45:32.943root 11241100x80000000000000003845449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5a6c7bb8d4ef3d2021-12-22 11:45:32.943root 11241100x80000000000000003845450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887a777bcb1c5d2f2021-12-22 11:45:32.944root 11241100x80000000000000003845451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5e777998a0692f2021-12-22 11:45:32.944root 11241100x80000000000000003845452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ead76400fb0e8592021-12-22 11:45:32.944root 11241100x80000000000000003845453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4a16a2059d5db12021-12-22 11:45:32.944root 11241100x80000000000000003845454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ed2a6b4c18fc232021-12-22 11:45:32.944root 11241100x80000000000000003845455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.143{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:45:33.143root 11241100x80000000000000003845456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8d6598725826332021-12-22 11:45:33.443root 11241100x80000000000000003845457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f03ffc028510f1b2021-12-22 11:45:33.443root 11241100x80000000000000003845458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d84b3a014666e32021-12-22 11:45:33.443root 11241100x80000000000000003845459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bcb66c479994db2021-12-22 11:45:33.444root 11241100x80000000000000003845460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456539f30958d4312021-12-22 11:45:33.444root 11241100x80000000000000003845461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6cdef807741c322021-12-22 11:45:33.444root 11241100x80000000000000003845462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537879f84121b39c2021-12-22 11:45:33.444root 11241100x80000000000000003845463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1014c1fcbf9005462021-12-22 11:45:33.444root 11241100x80000000000000003845464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a42be1689e667f42021-12-22 11:45:33.444root 11241100x80000000000000003845465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226f343af111bf12021-12-22 11:45:33.445root 11241100x80000000000000003845466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a784bf88700b20442021-12-22 11:45:33.943root 11241100x80000000000000003845467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54316c87be3e7c942021-12-22 11:45:33.943root 11241100x80000000000000003845468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97f8240f9e11d9e2021-12-22 11:45:33.943root 11241100x80000000000000003845469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f7bcfa041392192021-12-22 11:45:33.943root 11241100x80000000000000003845470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcda618271abccf2021-12-22 11:45:33.943root 11241100x80000000000000003845471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18194a665b49c0ac2021-12-22 11:45:33.943root 11241100x80000000000000003845472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc7cb5336c3cb5e2021-12-22 11:45:33.943root 11241100x80000000000000003845473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb01a82e9caea622021-12-22 11:45:33.944root 11241100x80000000000000003845474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b84bb51160335172021-12-22 11:45:33.944root 11241100x80000000000000003845475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64433f04ecc64e802021-12-22 11:45:33.944root 354300x80000000000000003845476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:33.948{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42476-false10.0.1.12-8089- 11241100x80000000000000003845477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299383674aec38d12021-12-22 11:45:34.443root 11241100x80000000000000003845478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1aa7340dee7c342021-12-22 11:45:34.443root 11241100x80000000000000003845479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ef1dcbfeef2ead2021-12-22 11:45:34.443root 11241100x80000000000000003845480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068ab79406157282021-12-22 11:45:34.443root 11241100x80000000000000003845481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093e79c2fb641b1e2021-12-22 11:45:34.444root 11241100x80000000000000003845482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2a3ea297b08a032021-12-22 11:45:34.444root 11241100x80000000000000003845483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a142afa5accda942021-12-22 11:45:34.444root 11241100x80000000000000003845484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d5e71f121838ed2021-12-22 11:45:34.445root 11241100x80000000000000003845485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61ad7a117e5f8102021-12-22 11:45:34.445root 11241100x80000000000000003845486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fdada19d025b222021-12-22 11:45:34.445root 11241100x80000000000000003845487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5a4e9b2d55833c2021-12-22 11:45:34.445root 11241100x80000000000000003845488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f31e147adec8f5d2021-12-22 11:45:34.943root 11241100x80000000000000003845489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e29f26fa83ae352021-12-22 11:45:34.943root 11241100x80000000000000003845490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b028ec98b33b2002021-12-22 11:45:34.943root 11241100x80000000000000003845491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41b8c3ca5d38f882021-12-22 11:45:34.943root 11241100x80000000000000003845492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5571b9713855cfb2021-12-22 11:45:34.943root 11241100x80000000000000003845493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc02a2ac6a3146992021-12-22 11:45:34.944root 11241100x80000000000000003845494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69c84e14e5b78c52021-12-22 11:45:34.944root 11241100x80000000000000003845495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1651e8bfa58496622021-12-22 11:45:34.944root 11241100x80000000000000003845496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922364860574657c2021-12-22 11:45:34.944root 11241100x80000000000000003845497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08bb1122c3f431cf2021-12-22 11:45:34.944root 11241100x80000000000000003845498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e8e7ee7e17f3fb2021-12-22 11:45:34.944root 354300x80000000000000003845499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.070{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55414-false10.0.1.12-8000- 11241100x80000000000000003845500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a058611f8a3c815f2021-12-22 11:45:35.443root 11241100x80000000000000003845501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a1a34bc9aec6382021-12-22 11:45:35.443root 11241100x80000000000000003845502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd349018cce92702021-12-22 11:45:35.443root 11241100x80000000000000003845503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9cb5f413c429d2021-12-22 11:45:35.443root 11241100x80000000000000003845504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e32127f6debe292021-12-22 11:45:35.443root 11241100x80000000000000003845505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b21c7f8b7d5bb22021-12-22 11:45:35.443root 11241100x80000000000000003845506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3240f138b02a1c2021-12-22 11:45:35.443root 11241100x80000000000000003845507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102fc3c39ea23df52021-12-22 11:45:35.443root 11241100x80000000000000003845508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efda068028d70f1a2021-12-22 11:45:35.444root 11241100x80000000000000003845509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5dfecb44ac9b4b2021-12-22 11:45:35.444root 11241100x80000000000000003845510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33c35273664b2f82021-12-22 11:45:35.444root 11241100x80000000000000003845511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae4c3e1cc7e737a2021-12-22 11:45:35.444root 11241100x80000000000000003845512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed9c831559086122021-12-22 11:45:35.943root 11241100x80000000000000003845513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f452230080b968832021-12-22 11:45:35.943root 11241100x80000000000000003845514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcf42bca030bda72021-12-22 11:45:35.943root 11241100x80000000000000003845515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d6a37d529463ee2021-12-22 11:45:35.943root 11241100x80000000000000003845516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ff36f20b7d23fb2021-12-22 11:45:35.943root 11241100x80000000000000003845517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e104d0ba6336f4932021-12-22 11:45:35.943root 11241100x80000000000000003845518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a042b54bbc7d934f2021-12-22 11:45:35.943root 11241100x80000000000000003845519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10efa16f2b10b93a2021-12-22 11:45:35.944root 11241100x80000000000000003845520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5a0837553948192021-12-22 11:45:35.944root 11241100x80000000000000003845521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252013c5dc30d7062021-12-22 11:45:35.944root 11241100x80000000000000003845522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32f6a5bcb8a02862021-12-22 11:45:35.944root 11241100x80000000000000003845523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f92fd844604f22021-12-22 11:45:35.944root 23542300x80000000000000003845524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.146{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003845525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6389968949fc5f2021-12-22 11:45:36.443root 11241100x80000000000000003845526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aab652e59be9322021-12-22 11:45:36.443root 11241100x80000000000000003845527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2904eb3bf4e2a1602021-12-22 11:45:36.443root 11241100x80000000000000003845528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b984694432666f0a2021-12-22 11:45:36.443root 11241100x80000000000000003845529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3e849172e2725a2021-12-22 11:45:36.443root 11241100x80000000000000003845530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6f7eac2e4dd5202021-12-22 11:45:36.443root 11241100x80000000000000003845531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e5142a21c5eb72021-12-22 11:45:36.444root 11241100x80000000000000003845532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6833ca19374811df2021-12-22 11:45:36.444root 11241100x80000000000000003845533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc821404966098e82021-12-22 11:45:36.444root 11241100x80000000000000003845534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d082b16fb9bdf28f2021-12-22 11:45:36.444root 11241100x80000000000000003845535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af43f19fe0c673b42021-12-22 11:45:36.444root 11241100x80000000000000003845536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2987872ed77ff02021-12-22 11:45:36.444root 11241100x80000000000000003845537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473b325d8794182d2021-12-22 11:45:36.444root 11241100x80000000000000003845538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb8fc029a33738b2021-12-22 11:45:36.943root 11241100x80000000000000003845539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ca7ec3fe1c36f2021-12-22 11:45:36.943root 11241100x80000000000000003845540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667d2858eaf42f9c2021-12-22 11:45:36.943root 11241100x80000000000000003845541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342e22ed8da6b87e2021-12-22 11:45:36.943root 11241100x80000000000000003845542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65d628cda630b132021-12-22 11:45:36.943root 11241100x80000000000000003845543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c9166c7c1050b2021-12-22 11:45:36.943root 11241100x80000000000000003845544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91189224ae769db52021-12-22 11:45:36.944root 11241100x80000000000000003845545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1ad65a87f13e152021-12-22 11:45:36.944root 11241100x80000000000000003845546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd609315e7c970012021-12-22 11:45:36.944root 11241100x80000000000000003845547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53de9c2e37d63e02021-12-22 11:45:36.944root 11241100x80000000000000003845548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359dc5a712727fab2021-12-22 11:45:36.944root 11241100x80000000000000003845549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd14fd205a4823a2021-12-22 11:45:36.944root 11241100x80000000000000003845550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ce55f1129e454c2021-12-22 11:45:36.944root 11241100x80000000000000003845551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6c52158b2468592021-12-22 11:45:37.443root 11241100x80000000000000003845552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e810a1abbddda0a2021-12-22 11:45:37.443root 11241100x80000000000000003845553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39265deaf9be6b6a2021-12-22 11:45:37.443root 11241100x80000000000000003845554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ea2b2841106bc42021-12-22 11:45:37.443root 11241100x80000000000000003845555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638b65bacc1c45a12021-12-22 11:45:37.443root 11241100x80000000000000003845556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee8ac39d8051f3d2021-12-22 11:45:37.444root 11241100x80000000000000003845557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7069384debd6be2021-12-22 11:45:37.444root 11241100x80000000000000003845558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ee6a3cc8c99f602021-12-22 11:45:37.444root 11241100x80000000000000003845559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48195988b7174d572021-12-22 11:45:37.444root 11241100x80000000000000003845560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de6bf392b989ddf2021-12-22 11:45:37.444root 11241100x80000000000000003845561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7065e9c9f8360b2e2021-12-22 11:45:37.444root 11241100x80000000000000003845562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33925999804ebd842021-12-22 11:45:37.444root 11241100x80000000000000003845563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f4e658c02825af2021-12-22 11:45:37.444root 11241100x80000000000000003845564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05ebdc4cc037f682021-12-22 11:45:37.943root 11241100x80000000000000003845565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a308be520cb1b22021-12-22 11:45:37.943root 11241100x80000000000000003845566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b365281806fa64aa2021-12-22 11:45:37.943root 11241100x80000000000000003845567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767a43e67bd5a7102021-12-22 11:45:37.943root 11241100x80000000000000003845568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2585d4e11bbd96182021-12-22 11:45:37.943root 11241100x80000000000000003845569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17dc02bf82d68d902021-12-22 11:45:37.944root 11241100x80000000000000003845570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609046ec29456a8c2021-12-22 11:45:37.944root 11241100x80000000000000003845571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c6d52e9979356a2021-12-22 11:45:37.944root 11241100x80000000000000003845572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76750506270482f02021-12-22 11:45:37.944root 11241100x80000000000000003845573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389578ec2f1523412021-12-22 11:45:37.944root 11241100x80000000000000003845574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c604e3b13a77ce72021-12-22 11:45:37.944root 11241100x80000000000000003845575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5664bc7971fadfc2021-12-22 11:45:37.944root 11241100x80000000000000003845576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a025518b06ebfce2021-12-22 11:45:37.944root 11241100x80000000000000003845577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e765e7185d78f0c2021-12-22 11:45:38.443root 11241100x80000000000000003845578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213a1075d07f30822021-12-22 11:45:38.443root 11241100x80000000000000003845579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730ad0e61bfa3af2021-12-22 11:45:38.443root 11241100x80000000000000003845580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cf4ad2b137560a2021-12-22 11:45:38.443root 11241100x80000000000000003845581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092174200268b0632021-12-22 11:45:38.443root 11241100x80000000000000003845582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe1aa3cf376bd602021-12-22 11:45:38.444root 11241100x80000000000000003845583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ea79bf0317a4ce2021-12-22 11:45:38.444root 11241100x80000000000000003845584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f270e43570ca96572021-12-22 11:45:38.444root 11241100x80000000000000003845585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f2f8bd6228c8ba2021-12-22 11:45:38.444root 11241100x80000000000000003845586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff613f6bea6c4f32021-12-22 11:45:38.444root 11241100x80000000000000003845587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47572cf73171d6162021-12-22 11:45:38.444root 11241100x80000000000000003845588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7de5968c2c532ef2021-12-22 11:45:38.444root 11241100x80000000000000003845589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b3db768c7fb2912021-12-22 11:45:38.444root 11241100x80000000000000003845590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e785bc6b3cce392021-12-22 11:45:38.943root 11241100x80000000000000003845591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede6f801e25381d82021-12-22 11:45:38.943root 11241100x80000000000000003845592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb625c2ac8c461ba2021-12-22 11:45:38.943root 11241100x80000000000000003845593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ac60395bebe2952021-12-22 11:45:38.943root 11241100x80000000000000003845594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6b16de3b7ba29d2021-12-22 11:45:38.943root 11241100x80000000000000003845595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a55d6bdcf507b292021-12-22 11:45:38.944root 11241100x80000000000000003845596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e942c7f3492ed1552021-12-22 11:45:38.944root 11241100x80000000000000003845597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cdba4535d6f2bb2021-12-22 11:45:38.944root 11241100x80000000000000003845598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed2fa66bfcef3cb2021-12-22 11:45:38.944root 11241100x80000000000000003845599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5440dcfcc5c17c12021-12-22 11:45:38.944root 11241100x80000000000000003845600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6d1866eefbed432021-12-22 11:45:38.944root 11241100x80000000000000003845601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e970356fb2bbab282021-12-22 11:45:38.944root 11241100x80000000000000003845602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a452bafa990993fb2021-12-22 11:45:38.944root 11241100x80000000000000003845603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711f39f45403a84a2021-12-22 11:45:39.443root 11241100x80000000000000003845604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca02d53a86ca8f2021-12-22 11:45:39.443root 11241100x80000000000000003845605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f0202a655294762021-12-22 11:45:39.443root 11241100x80000000000000003845606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1f05994ade3a82021-12-22 11:45:39.443root 11241100x80000000000000003845607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985ee342ff30452f2021-12-22 11:45:39.443root 11241100x80000000000000003845608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05dc386823c25b8d2021-12-22 11:45:39.443root 11241100x80000000000000003845609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57092b4b7ff25c812021-12-22 11:45:39.443root 11241100x80000000000000003845610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51299ad016135492021-12-22 11:45:39.444root 11241100x80000000000000003845611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c32b1fecda4f8882021-12-22 11:45:39.444root 11241100x80000000000000003845612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0583716d90a0462021-12-22 11:45:39.444root 11241100x80000000000000003845613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bcbbdb3d46d02b2021-12-22 11:45:39.444root 11241100x80000000000000003845614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f6cb716af6f34f2021-12-22 11:45:39.444root 11241100x80000000000000003845615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef90f7417dce032021-12-22 11:45:39.444root 11241100x80000000000000003845616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfc893b04f29bdd2021-12-22 11:45:39.943root 11241100x80000000000000003845617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eec2e21a6071682021-12-22 11:45:39.943root 11241100x80000000000000003845618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25327363be99bce2021-12-22 11:45:39.943root 11241100x80000000000000003845619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcb1cc3b363ed382021-12-22 11:45:39.943root 11241100x80000000000000003845620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1330255dd6b5dbd2021-12-22 11:45:39.943root 11241100x80000000000000003845621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0cb8b9b0541c552021-12-22 11:45:39.943root 11241100x80000000000000003845622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a3dd479130d1a92021-12-22 11:45:39.943root 11241100x80000000000000003845623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e604a04c474401e2021-12-22 11:45:39.944root 11241100x80000000000000003845624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432575ccb7313ce42021-12-22 11:45:39.944root 11241100x80000000000000003845625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b97cb933a222c3a2021-12-22 11:45:39.944root 11241100x80000000000000003845626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dbb37b0258806442021-12-22 11:45:39.944root 11241100x80000000000000003845627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cabc7e7e5280b612021-12-22 11:45:39.944root 11241100x80000000000000003845628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3724f8c69bd3a0542021-12-22 11:45:39.944root 11241100x80000000000000003845629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914f7a507d543d662021-12-22 11:45:40.443root 11241100x80000000000000003845630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beb97f0fb7045752021-12-22 11:45:40.443root 11241100x80000000000000003845631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa909a9ae012f6f72021-12-22 11:45:40.443root 11241100x80000000000000003845632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f158b25824b21de2021-12-22 11:45:40.443root 11241100x80000000000000003845633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5253db1de4b4bc2021-12-22 11:45:40.443root 11241100x80000000000000003845634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f7a9b7bf45c9372021-12-22 11:45:40.443root 11241100x80000000000000003845635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9644380acd88c9f2021-12-22 11:45:40.443root 11241100x80000000000000003845636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4187e5179dadb0652021-12-22 11:45:40.444root 11241100x80000000000000003845637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41309e312627de152021-12-22 11:45:40.444root 11241100x80000000000000003845638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879a1ff33d4fde832021-12-22 11:45:40.444root 11241100x80000000000000003845639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823ceb266da623062021-12-22 11:45:40.444root 11241100x80000000000000003845640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202b9fe7b6069bbd2021-12-22 11:45:40.444root 11241100x80000000000000003845641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2309e352f5587f8d2021-12-22 11:45:40.444root 11241100x80000000000000003845642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7aa8d250c646c3a2021-12-22 11:45:40.943root 11241100x80000000000000003845643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e0431c0a10e2ec2021-12-22 11:45:40.943root 11241100x80000000000000003845644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4aafd3e833cbdfc2021-12-22 11:45:40.943root 11241100x80000000000000003845645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc7228d98f97fe72021-12-22 11:45:40.943root 11241100x80000000000000003845646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea7142092e330a2021-12-22 11:45:40.943root 11241100x80000000000000003845647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2f41f05bae708f2021-12-22 11:45:40.943root 11241100x80000000000000003845648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f34adf18084a7c2021-12-22 11:45:40.944root 11241100x80000000000000003845649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c379da8550a0902021-12-22 11:45:40.944root 11241100x80000000000000003845650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6f1d936e87b5d2021-12-22 11:45:40.944root 11241100x80000000000000003845651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3fa418e56c109f2021-12-22 11:45:40.944root 11241100x80000000000000003845652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c4f5dab3249752021-12-22 11:45:40.944root 11241100x80000000000000003845653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cbf0bc339483ed2021-12-22 11:45:40.944root 11241100x80000000000000003845654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0787cc76a7de87cc2021-12-22 11:45:40.944root 354300x80000000000000003845655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55416-false10.0.1.12-8000- 11241100x80000000000000003845656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24d00b34d89f4b22021-12-22 11:45:41.443root 11241100x80000000000000003845657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f691af27e58b6f5e2021-12-22 11:45:41.443root 11241100x80000000000000003845658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756f00b8319600392021-12-22 11:45:41.443root 11241100x80000000000000003845659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9d9207ef3ca3f02021-12-22 11:45:41.443root 11241100x80000000000000003845660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bf8d1c26b05aa02021-12-22 11:45:41.443root 11241100x80000000000000003845661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd76c76a32dc4afa2021-12-22 11:45:41.444root 11241100x80000000000000003845662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c235f1ba91d0e32021-12-22 11:45:41.444root 11241100x80000000000000003845663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681c0bcf8c3feff22021-12-22 11:45:41.444root 11241100x80000000000000003845664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6457c993dc3edf2e2021-12-22 11:45:41.444root 11241100x80000000000000003845665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae263d09c0ddbe282021-12-22 11:45:41.444root 11241100x80000000000000003845666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493e6d54851e2fde2021-12-22 11:45:41.444root 11241100x80000000000000003845667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4324c9f5117dec622021-12-22 11:45:41.444root 11241100x80000000000000003845668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0274b9fa894b2b182021-12-22 11:45:41.444root 11241100x80000000000000003845669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6158dfe286e1b4be2021-12-22 11:45:41.444root 11241100x80000000000000003845670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d1d645e03a586f2021-12-22 11:45:41.943root 11241100x80000000000000003845671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d6a0d2457c06162021-12-22 11:45:41.943root 11241100x80000000000000003845672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cec23e7901284e2021-12-22 11:45:41.943root 11241100x80000000000000003845673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7165c106f0827fc22021-12-22 11:45:41.943root 11241100x80000000000000003845674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24514630eac03ba2021-12-22 11:45:41.943root 11241100x80000000000000003845675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649ce11ab4974ce42021-12-22 11:45:41.943root 11241100x80000000000000003845676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1451170e4ec579e2021-12-22 11:45:41.943root 11241100x80000000000000003845677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6753d76c638386f12021-12-22 11:45:41.943root 11241100x80000000000000003845678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7227d2aa47815bf2021-12-22 11:45:41.943root 11241100x80000000000000003845679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc553ce5870598382021-12-22 11:45:41.943root 11241100x80000000000000003845680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94ad751212b1d892021-12-22 11:45:41.944root 11241100x80000000000000003845681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e03130ff4c474b32021-12-22 11:45:41.944root 11241100x80000000000000003845682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13dfd6569356d3f52021-12-22 11:45:41.944root 11241100x80000000000000003845683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94756e0ada404572021-12-22 11:45:41.944root 11241100x80000000000000003845684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1739e719a0a4af2021-12-22 11:45:42.443root 11241100x80000000000000003845685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37566c944c9c354c2021-12-22 11:45:42.443root 11241100x80000000000000003845686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925065f4caa43ee62021-12-22 11:45:42.443root 11241100x80000000000000003845687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61754ca4e56791eb2021-12-22 11:45:42.444root 11241100x80000000000000003845688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a278b5622e0cef2021-12-22 11:45:42.444root 11241100x80000000000000003845689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d004ce43f185fd22021-12-22 11:45:42.444root 11241100x80000000000000003845690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e41694a62fe9972021-12-22 11:45:42.444root 11241100x80000000000000003845691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cec2ed945e5341f2021-12-22 11:45:42.445root 11241100x80000000000000003845692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728fa515ec8e13622021-12-22 11:45:42.445root 11241100x80000000000000003845693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14297ed96a4835832021-12-22 11:45:42.445root 11241100x80000000000000003845694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37064a2ddde3286e2021-12-22 11:45:42.446root 11241100x80000000000000003845695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ff9383786920492021-12-22 11:45:42.446root 11241100x80000000000000003845696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a955143efa231fa72021-12-22 11:45:42.446root 11241100x80000000000000003845697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5758e455f4a0474c2021-12-22 11:45:42.447root 11241100x80000000000000003845698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdf38e1ee47d2772021-12-22 11:45:42.943root 11241100x80000000000000003845699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd43632a4daa961e2021-12-22 11:45:42.943root 11241100x80000000000000003845700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18100146ae4c9a742021-12-22 11:45:42.944root 11241100x80000000000000003845701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6f24e817bbd3822021-12-22 11:45:42.944root 11241100x80000000000000003845702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd0fc89e8c8fb5e2021-12-22 11:45:42.944root 11241100x80000000000000003845703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f68cb14076c381e2021-12-22 11:45:42.945root 11241100x80000000000000003845704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069420832fe9bc62021-12-22 11:45:42.945root 11241100x80000000000000003845705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1032091e5cf5165a2021-12-22 11:45:42.945root 11241100x80000000000000003845706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9f85b9e175d5442021-12-22 11:45:42.946root 11241100x80000000000000003845707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f86b2072f0605b2021-12-22 11:45:42.946root 11241100x80000000000000003845708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bdb8baebaf87362021-12-22 11:45:42.946root 11241100x80000000000000003845709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348b003aaf67280c2021-12-22 11:45:42.947root 11241100x80000000000000003845710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19109979685b33c12021-12-22 11:45:42.947root 11241100x80000000000000003845711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:42.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42479aaa16563f42021-12-22 11:45:42.947root 11241100x80000000000000003845712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724c1c75c7256a592021-12-22 11:45:43.443root 11241100x80000000000000003845713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41cede7635bc3fd72021-12-22 11:45:43.443root 11241100x80000000000000003845714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2724171233f083f22021-12-22 11:45:43.443root 11241100x80000000000000003845715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eaac2c05d124b62021-12-22 11:45:43.443root 11241100x80000000000000003845716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c1c7b631e7b95c2021-12-22 11:45:43.443root 11241100x80000000000000003845717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f625aca936c4022021-12-22 11:45:43.444root 11241100x80000000000000003845718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8fd6923539c6d52021-12-22 11:45:43.444root 11241100x80000000000000003845719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cf876a3399d3182021-12-22 11:45:43.444root 11241100x80000000000000003845720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc02f676fa8ce552021-12-22 11:45:43.444root 11241100x80000000000000003845721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cdcb42b955cd012021-12-22 11:45:43.444root 11241100x80000000000000003845722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8b6b2c2bdb2e02021-12-22 11:45:43.444root 11241100x80000000000000003845723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d43598a0b0540d02021-12-22 11:45:43.444root 11241100x80000000000000003845724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8870e5e6d476c4f2021-12-22 11:45:43.444root 11241100x80000000000000003845725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a8244955f65722021-12-22 11:45:43.444root 11241100x80000000000000003845726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7d9acc904099202021-12-22 11:45:43.943root 11241100x80000000000000003845727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff378b03db19ea42021-12-22 11:45:43.943root 11241100x80000000000000003845728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8576c1732f3f792021-12-22 11:45:43.943root 11241100x80000000000000003845729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed8cb6e45cc030e2021-12-22 11:45:43.943root 11241100x80000000000000003845730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf501b78efdb4592021-12-22 11:45:43.943root 11241100x80000000000000003845731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee2497ad212f86f2021-12-22 11:45:43.944root 11241100x80000000000000003845732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feefd72fe057a4c2021-12-22 11:45:43.944root 11241100x80000000000000003845733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c56924ab05bff12021-12-22 11:45:43.944root 11241100x80000000000000003845734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad591c564afee7c2021-12-22 11:45:43.944root 11241100x80000000000000003845735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0f3852da4478a62021-12-22 11:45:43.944root 11241100x80000000000000003845736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4204c2642c260d2021-12-22 11:45:43.944root 11241100x80000000000000003845737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60131f41b78c62402021-12-22 11:45:43.944root 11241100x80000000000000003845738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f6445da5f139aa2021-12-22 11:45:43.944root 11241100x80000000000000003845739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b245475e56b1cf22021-12-22 11:45:43.944root 11241100x80000000000000003845740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03882ba9c93aabf62021-12-22 11:45:44.443root 11241100x80000000000000003845741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432c30d067d1b6fe2021-12-22 11:45:44.443root 11241100x80000000000000003845742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7c93fc553bef092021-12-22 11:45:44.443root 11241100x80000000000000003845743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb3c070875277a02021-12-22 11:45:44.443root 11241100x80000000000000003845744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f04732fa3907882021-12-22 11:45:44.443root 11241100x80000000000000003845745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff11df0287da7002021-12-22 11:45:44.443root 11241100x80000000000000003845746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaaeb0773a8b6612021-12-22 11:45:44.444root 11241100x80000000000000003845747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efbdc4174ed8c52021-12-22 11:45:44.444root 11241100x80000000000000003845748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccabf9560b9df842021-12-22 11:45:44.444root 11241100x80000000000000003845749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54dbae63d01707162021-12-22 11:45:44.444root 11241100x80000000000000003845750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd38bb17dd567512021-12-22 11:45:44.444root 11241100x80000000000000003845751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492477f59e2e0a512021-12-22 11:45:44.444root 11241100x80000000000000003845752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674c5f95700bcb152021-12-22 11:45:44.444root 11241100x80000000000000003845753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aace83938acf1fad2021-12-22 11:45:44.444root 11241100x80000000000000003845754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988a4fbc436df2bc2021-12-22 11:45:44.943root 11241100x80000000000000003845755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3393f1fc62a851bb2021-12-22 11:45:44.943root 11241100x80000000000000003845756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca207c1376a629c52021-12-22 11:45:44.943root 11241100x80000000000000003845757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b27d08766e2e1dc2021-12-22 11:45:44.943root 11241100x80000000000000003845758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c46d753e50c32402021-12-22 11:45:44.943root 11241100x80000000000000003845759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd6187541847eea2021-12-22 11:45:44.944root 11241100x80000000000000003845760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c2cf4de1879d542021-12-22 11:45:44.944root 11241100x80000000000000003845761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18196631fb1438b72021-12-22 11:45:44.944root 11241100x80000000000000003845762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4526f166bc52a722021-12-22 11:45:44.944root 11241100x80000000000000003845763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb12fa4ba6dc3cbe2021-12-22 11:45:44.944root 11241100x80000000000000003845764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e9d3c4e14bbc3b2021-12-22 11:45:44.944root 11241100x80000000000000003845765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e34f2a32b99a672021-12-22 11:45:44.944root 11241100x80000000000000003845766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc24d11cf61ad3b2021-12-22 11:45:44.944root 11241100x80000000000000003845767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a87378bd91f4a032021-12-22 11:45:44.944root 11241100x80000000000000003845768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc2fb02bf068f592021-12-22 11:45:45.443root 11241100x80000000000000003845769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5968a8d92cf6712021-12-22 11:45:45.443root 11241100x80000000000000003845770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de6c95bbeabda72021-12-22 11:45:45.443root 11241100x80000000000000003845771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902f052e2453def72021-12-22 11:45:45.443root 11241100x80000000000000003845772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2b47e4ecfe3c362021-12-22 11:45:45.444root 11241100x80000000000000003845773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad6896886f964d2021-12-22 11:45:45.444root 11241100x80000000000000003845774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda788f1d25e791c2021-12-22 11:45:45.444root 11241100x80000000000000003845775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded34525b81659d2021-12-22 11:45:45.444root 11241100x80000000000000003845776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fdf68c01a4ea5e2021-12-22 11:45:45.444root 11241100x80000000000000003845777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404dac72eebceb3a2021-12-22 11:45:45.445root 11241100x80000000000000003845778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0936b2537e7896f92021-12-22 11:45:45.445root 11241100x80000000000000003845779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe1b7ee94a2ccc12021-12-22 11:45:45.445root 11241100x80000000000000003845780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f751fb708d35533e2021-12-22 11:45:45.445root 11241100x80000000000000003845781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc28b3b7bfffae092021-12-22 11:45:45.445root 11241100x80000000000000003845782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576119cf104d37c42021-12-22 11:45:45.943root 11241100x80000000000000003845783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae2d1e8e42798f42021-12-22 11:45:45.943root 11241100x80000000000000003845784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a69aaf8e50864892021-12-22 11:45:45.943root 11241100x80000000000000003845785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020fb9bd508b9b942021-12-22 11:45:45.943root 11241100x80000000000000003845786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7666e0aec2c5462021-12-22 11:45:45.944root 11241100x80000000000000003845787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a6de6e7475216e2021-12-22 11:45:45.944root 11241100x80000000000000003845788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59eb2dd396f9b31e2021-12-22 11:45:45.944root 11241100x80000000000000003845789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e828a8f391f8db02021-12-22 11:45:45.944root 11241100x80000000000000003845790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca28d9f1fa192c62021-12-22 11:45:45.944root 11241100x80000000000000003845791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58adbb5771adee82021-12-22 11:45:45.944root 11241100x80000000000000003845792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81383829e41253ca2021-12-22 11:45:45.945root 11241100x80000000000000003845793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72558144b5142edc2021-12-22 11:45:45.945root 11241100x80000000000000003845794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4871f7dd07f5db112021-12-22 11:45:45.945root 11241100x80000000000000003845795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0274512534970be22021-12-22 11:45:45.945root 354300x80000000000000003845796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.077{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55418-false10.0.1.12-8000- 11241100x80000000000000003845797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019ca8ec454b5c7c2021-12-22 11:45:46.443root 11241100x80000000000000003845798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d95b77f3d8de0942021-12-22 11:45:46.443root 11241100x80000000000000003845799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fa4252432b12f22021-12-22 11:45:46.443root 11241100x80000000000000003845800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a097719da1a3d8e02021-12-22 11:45:46.443root 11241100x80000000000000003845801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4743225329c705a2021-12-22 11:45:46.444root 11241100x80000000000000003845802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a9e6aea0149bb2021-12-22 11:45:46.444root 11241100x80000000000000003845803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202eedfdd63174722021-12-22 11:45:46.444root 11241100x80000000000000003845804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2d9872349af062021-12-22 11:45:46.444root 11241100x80000000000000003845805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd81282fd2823c02021-12-22 11:45:46.444root 11241100x80000000000000003845806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109baae354d5b27a2021-12-22 11:45:46.444root 11241100x80000000000000003845807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645affef44e90b432021-12-22 11:45:46.445root 11241100x80000000000000003845808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbe1115d98969752021-12-22 11:45:46.445root 11241100x80000000000000003845809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8e1ededea548ef2021-12-22 11:45:46.445root 11241100x80000000000000003845810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf32060149ad1c932021-12-22 11:45:46.445root 11241100x80000000000000003845811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5e84887c8e14452021-12-22 11:45:46.446root 11241100x80000000000000003845812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df41d6ef07400d562021-12-22 11:45:46.943root 11241100x80000000000000003845813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba849ccbc2e129932021-12-22 11:45:46.943root 11241100x80000000000000003845814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0957df87c29e83362021-12-22 11:45:46.943root 11241100x80000000000000003845815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107c5db86722ff02021-12-22 11:45:46.943root 11241100x80000000000000003845816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63963cf44b107aea2021-12-22 11:45:46.943root 11241100x80000000000000003845817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f367273797475c2021-12-22 11:45:46.943root 11241100x80000000000000003845818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce1397cb069df75c2021-12-22 11:45:46.944root 11241100x80000000000000003845819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180595c165cce2082021-12-22 11:45:46.944root 11241100x80000000000000003845820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8606f17a3d27ef262021-12-22 11:45:46.944root 11241100x80000000000000003845821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815b797851ae6ed02021-12-22 11:45:46.944root 11241100x80000000000000003845822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4b96aff46bb4992021-12-22 11:45:46.944root 11241100x80000000000000003845823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed74e30655caf9a2021-12-22 11:45:46.944root 11241100x80000000000000003845824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2858f6a648d8de112021-12-22 11:45:46.944root 11241100x80000000000000003845825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d77e3f782a27f082021-12-22 11:45:46.944root 11241100x80000000000000003845826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e633df1d98eb64312021-12-22 11:45:46.944root 11241100x80000000000000003845827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04247f85f345b3b92021-12-22 11:45:47.443root 11241100x80000000000000003845828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5da691086e92172021-12-22 11:45:47.443root 11241100x80000000000000003845829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9475547932efe552021-12-22 11:45:47.443root 11241100x80000000000000003845830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344aa2ed80c57fd42021-12-22 11:45:47.443root 11241100x80000000000000003845831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35d14792ee4ab822021-12-22 11:45:47.444root 11241100x80000000000000003845832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd966dead85f3ce2021-12-22 11:45:47.444root 11241100x80000000000000003845833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f742d4c87d92a032021-12-22 11:45:47.444root 11241100x80000000000000003845834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16697abc04580daa2021-12-22 11:45:47.444root 11241100x80000000000000003845835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7658d44bb9cb155c2021-12-22 11:45:47.444root 11241100x80000000000000003845836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e34363a16a73e72021-12-22 11:45:47.444root 11241100x80000000000000003845837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d16babef3f955e52021-12-22 11:45:47.444root 11241100x80000000000000003845838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba91cc5eb07e4a2d2021-12-22 11:45:47.444root 11241100x80000000000000003845839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9302ab5eaae03a552021-12-22 11:45:47.444root 11241100x80000000000000003845840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf13b03eec6c99f02021-12-22 11:45:47.445root 11241100x80000000000000003845841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9f01e4fa96933c2021-12-22 11:45:47.445root 11241100x80000000000000003845842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd5aa1d229e62982021-12-22 11:45:47.943root 11241100x80000000000000003845843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee18bac4371a8a62021-12-22 11:45:47.943root 11241100x80000000000000003845844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d00afb55dc62ee62021-12-22 11:45:47.943root 11241100x80000000000000003845845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec873175e102cfd2021-12-22 11:45:47.943root 11241100x80000000000000003845846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cd9c1d8af7992a2021-12-22 11:45:47.943root 11241100x80000000000000003845847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b7113c6e48c66e2021-12-22 11:45:47.943root 11241100x80000000000000003845848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076ab1fb18ab57442021-12-22 11:45:47.944root 11241100x80000000000000003845849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dce1b7a4dd0336c2021-12-22 11:45:47.944root 11241100x80000000000000003845850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2844702fa12130eb2021-12-22 11:45:47.944root 11241100x80000000000000003845851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0317b1ec072a65e2021-12-22 11:45:47.944root 11241100x80000000000000003845852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34193e65c1964662021-12-22 11:45:47.944root 11241100x80000000000000003845853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaeaa560aa5cb4c2021-12-22 11:45:47.944root 11241100x80000000000000003845854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095bc46b5ec78aa2021-12-22 11:45:47.944root 11241100x80000000000000003845855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d3d2da5fb540f92021-12-22 11:45:47.944root 11241100x80000000000000003845856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a3283022677172021-12-22 11:45:47.944root 11241100x80000000000000003845857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb46daf0436e2612021-12-22 11:45:48.443root 11241100x80000000000000003845858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9e09b6c15c9d02021-12-22 11:45:48.443root 11241100x80000000000000003845859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5780a8f1ba3c46e62021-12-22 11:45:48.444root 11241100x80000000000000003845860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cc9588a702b6f82021-12-22 11:45:48.444root 11241100x80000000000000003845861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493d15acda0c0a9b2021-12-22 11:45:48.444root 11241100x80000000000000003845862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e76d80050690362021-12-22 11:45:48.444root 11241100x80000000000000003845863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2134d4343932666e2021-12-22 11:45:48.444root 11241100x80000000000000003845864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b670b539f4ca9162021-12-22 11:45:48.444root 11241100x80000000000000003845865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a65bfdefe3453da2021-12-22 11:45:48.444root 11241100x80000000000000003845866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0dc2ad33e361052021-12-22 11:45:48.445root 11241100x80000000000000003845867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9489dffdbc24072021-12-22 11:45:48.445root 11241100x80000000000000003845868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cfd3e36ff2c3892021-12-22 11:45:48.445root 11241100x80000000000000003845869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e606800962887a2021-12-22 11:45:48.447root 11241100x80000000000000003845870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5672e611021e59a12021-12-22 11:45:48.447root 11241100x80000000000000003845871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d926bc87d7e25b2021-12-22 11:45:48.447root 11241100x80000000000000003845872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4fd712f24a95322021-12-22 11:45:48.943root 11241100x80000000000000003845873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f143863deb70cf062021-12-22 11:45:48.943root 11241100x80000000000000003845874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c232f68c00db2b732021-12-22 11:45:48.944root 11241100x80000000000000003845875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d796cd1127eafb262021-12-22 11:45:48.944root 11241100x80000000000000003845876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f8b623e314ecad2021-12-22 11:45:48.944root 11241100x80000000000000003845877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b83e7632e16d632021-12-22 11:45:48.944root 11241100x80000000000000003845878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdc8407a1720edc2021-12-22 11:45:48.944root 11241100x80000000000000003845879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a1d6d369a1f05a2021-12-22 11:45:48.945root 11241100x80000000000000003845880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d23a154b0b09a22021-12-22 11:45:48.945root 11241100x80000000000000003845881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42cee89d68cb89b2021-12-22 11:45:48.945root 11241100x80000000000000003845882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8d329f9a611aab2021-12-22 11:45:48.946root 11241100x80000000000000003845883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f93ede84a3bfff42021-12-22 11:45:48.946root 11241100x80000000000000003845884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6fa7da158aaeed2021-12-22 11:45:48.946root 11241100x80000000000000003845885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45946baeee18b27d2021-12-22 11:45:48.946root 11241100x80000000000000003845886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ebb73a0eb2707b2021-12-22 11:45:48.947root 11241100x80000000000000003845887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4868d665b74cae022021-12-22 11:45:49.443root 11241100x80000000000000003845888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43145a70a49646ab2021-12-22 11:45:49.444root 11241100x80000000000000003845889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a054a36b0c0025be2021-12-22 11:45:49.444root 11241100x80000000000000003845890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70a2d25788e11d62021-12-22 11:45:49.444root 11241100x80000000000000003845891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa500ff50a84912f2021-12-22 11:45:49.444root 11241100x80000000000000003845892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694fb0c664214f562021-12-22 11:45:49.444root 11241100x80000000000000003845893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c54d7f7a37477ab2021-12-22 11:45:49.444root 11241100x80000000000000003845894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f701810a7a0ccd8a2021-12-22 11:45:49.444root 11241100x80000000000000003845895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f94ddaa7bc45e52021-12-22 11:45:49.444root 11241100x80000000000000003845896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5f6f53705ce60a2021-12-22 11:45:49.445root 11241100x80000000000000003845897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99abe4a3e28a0dfd2021-12-22 11:45:49.445root 11241100x80000000000000003845898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806fea6b50c7af132021-12-22 11:45:49.445root 11241100x80000000000000003845899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eb0c7c4da92dbf2021-12-22 11:45:49.445root 11241100x80000000000000003845900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd775ea0fc4399322021-12-22 11:45:49.445root 11241100x80000000000000003845901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966422eb1ff0c86a2021-12-22 11:45:49.445root 11241100x80000000000000003845902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65068de96b357dc32021-12-22 11:45:49.943root 11241100x80000000000000003845903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2933bc4010c3e442021-12-22 11:45:49.944root 11241100x80000000000000003845904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee27687b1cc507b2021-12-22 11:45:49.944root 11241100x80000000000000003845905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9eb0aff20f013f2021-12-22 11:45:49.944root 11241100x80000000000000003845906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7202aa39d7ea86b2021-12-22 11:45:49.945root 11241100x80000000000000003845907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e471a75032dad12021-12-22 11:45:49.946root 11241100x80000000000000003845908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cf63f7033e75a82021-12-22 11:45:49.946root 11241100x80000000000000003845909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b046a942b16f06e2021-12-22 11:45:49.946root 11241100x80000000000000003845910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c60bd9d66778f432021-12-22 11:45:49.946root 11241100x80000000000000003845911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad8743d87a8651c2021-12-22 11:45:49.946root 11241100x80000000000000003845912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4461fa1fac3bb7c2021-12-22 11:45:49.946root 11241100x80000000000000003845913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8fef6a3a6e56772021-12-22 11:45:49.947root 11241100x80000000000000003845914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a953cb9028ee5502021-12-22 11:45:49.947root 11241100x80000000000000003845915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2f995dbd84338e2021-12-22 11:45:49.947root 11241100x80000000000000003845916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dc7bde639303c82021-12-22 11:45:49.947root 11241100x80000000000000003845917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baafc4bf53bb546d2021-12-22 11:45:50.443root 11241100x80000000000000003845918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805349383b2192352021-12-22 11:45:50.443root 11241100x80000000000000003845919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e75f59eed205852021-12-22 11:45:50.443root 11241100x80000000000000003845920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e356162c9857d9572021-12-22 11:45:50.444root 11241100x80000000000000003845921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9ea04a3a0a9a7a2021-12-22 11:45:50.444root 11241100x80000000000000003845922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aaa349c2e1d9372021-12-22 11:45:50.444root 11241100x80000000000000003845923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a553df4839b0832021-12-22 11:45:50.444root 11241100x80000000000000003845924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f01cebab56d6a6012021-12-22 11:45:50.444root 11241100x80000000000000003845925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7e83c64b6b0d3b2021-12-22 11:45:50.444root 11241100x80000000000000003845926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4570a24059ea72a2021-12-22 11:45:50.444root 11241100x80000000000000003845927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f3b2dd4c200662021-12-22 11:45:50.445root 11241100x80000000000000003845928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47a7549b5db4d152021-12-22 11:45:50.445root 11241100x80000000000000003845929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1034e4736ed9d5b02021-12-22 11:45:50.445root 11241100x80000000000000003845930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496bc3dfb75af44f2021-12-22 11:45:50.445root 11241100x80000000000000003845931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17341d758e349c832021-12-22 11:45:50.445root 11241100x80000000000000003845932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bce85d49af0e302021-12-22 11:45:50.943root 11241100x80000000000000003845933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19272b48fbd119c32021-12-22 11:45:50.943root 11241100x80000000000000003845934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c00c776555d8f432021-12-22 11:45:50.943root 11241100x80000000000000003845935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e0f88b94d48d372021-12-22 11:45:50.943root 11241100x80000000000000003845936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861f4c5b6f9186722021-12-22 11:45:50.943root 11241100x80000000000000003845937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e874833c594f858e2021-12-22 11:45:50.943root 11241100x80000000000000003845938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ece6243cc0a09e12021-12-22 11:45:50.943root 11241100x80000000000000003845939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3161c4b265d3de2021-12-22 11:45:50.944root 11241100x80000000000000003845940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83af8491da2bcd12021-12-22 11:45:50.944root 11241100x80000000000000003845941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d10df8105a043f2021-12-22 11:45:50.944root 11241100x80000000000000003845942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2b12930c2a89d02021-12-22 11:45:50.944root 11241100x80000000000000003845943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de267e5e8ed5d062021-12-22 11:45:50.944root 11241100x80000000000000003845944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ee81aca4528b6a2021-12-22 11:45:50.944root 11241100x80000000000000003845945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8b92badf69a02f2021-12-22 11:45:50.944root 11241100x80000000000000003845946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd653c8c983c29b2021-12-22 11:45:50.944root 354300x80000000000000003845947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55420-false10.0.1.12-8000- 11241100x80000000000000003845948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3282d25dc775fa2021-12-22 11:45:51.443root 11241100x80000000000000003845949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7267bbcf1bde552021-12-22 11:45:51.443root 11241100x80000000000000003845950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f073ea6c64d193432021-12-22 11:45:51.443root 11241100x80000000000000003845951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94614f179c1171832021-12-22 11:45:51.443root 11241100x80000000000000003845952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803a4f4f861aaeb42021-12-22 11:45:51.444root 11241100x80000000000000003845953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd4f71f83c0fa82021-12-22 11:45:51.444root 11241100x80000000000000003845954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c176d004713c212021-12-22 11:45:51.444root 11241100x80000000000000003845955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb22309ff270f8a2021-12-22 11:45:51.444root 11241100x80000000000000003845956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019d8543717739b72021-12-22 11:45:51.444root 11241100x80000000000000003845957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9b8befc7b2d5282021-12-22 11:45:51.444root 11241100x80000000000000003845958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67935182b011482021-12-22 11:45:51.444root 11241100x80000000000000003845959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419be8c2be659b032021-12-22 11:45:51.445root 11241100x80000000000000003845960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3ff6ec7929b9752021-12-22 11:45:51.445root 11241100x80000000000000003845961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d629f17a12885762021-12-22 11:45:51.446root 11241100x80000000000000003845962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa2cf2e02e091342021-12-22 11:45:51.446root 11241100x80000000000000003845963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90eff6146b864392021-12-22 11:45:51.446root 11241100x80000000000000003845964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f4a3fee7d966832021-12-22 11:45:51.943root 11241100x80000000000000003845965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b321d40f094c162021-12-22 11:45:51.943root 11241100x80000000000000003845966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e92bffca161ea22021-12-22 11:45:51.943root 11241100x80000000000000003845967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba6f699f10a80422021-12-22 11:45:51.943root 11241100x80000000000000003845968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baec89c143e637e62021-12-22 11:45:51.944root 11241100x80000000000000003845969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70daf60061fdfb82021-12-22 11:45:51.944root 11241100x80000000000000003845970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcabc24e07d62782021-12-22 11:45:51.944root 11241100x80000000000000003845971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455e6706b8de7bf22021-12-22 11:45:51.944root 11241100x80000000000000003845972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb7920db6974ee02021-12-22 11:45:51.944root 11241100x80000000000000003845973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4be2917b09456c52021-12-22 11:45:51.944root 11241100x80000000000000003845974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5aae5ac3c503e72021-12-22 11:45:51.944root 11241100x80000000000000003845975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b19f1d87c23ce52021-12-22 11:45:51.944root 11241100x80000000000000003845976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb6d22bcbe70ddd92021-12-22 11:45:51.945root 11241100x80000000000000003845977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0791c3cb78f636242021-12-22 11:45:51.945root 11241100x80000000000000003845978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4468066b9b6caa8a2021-12-22 11:45:51.945root 11241100x80000000000000003845979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec73c91b220269d2021-12-22 11:45:51.945root 11241100x80000000000000003845980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d187624c78358b2021-12-22 11:45:52.444root 11241100x80000000000000003845981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106c841780350eb02021-12-22 11:45:52.444root 11241100x80000000000000003845982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699da849c37138ac2021-12-22 11:45:52.444root 11241100x80000000000000003845983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3692607729b6a12021-12-22 11:45:52.444root 11241100x80000000000000003845984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c381ea9af273dae72021-12-22 11:45:52.444root 11241100x80000000000000003845985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f801a07e0020202021-12-22 11:45:52.445root 11241100x80000000000000003845986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98955483682852992021-12-22 11:45:52.445root 11241100x80000000000000003845987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a44dd6c5cf33ff62021-12-22 11:45:52.445root 11241100x80000000000000003845988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f2beac0bed547a2021-12-22 11:45:52.445root 11241100x80000000000000003845989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796848152ed2619e2021-12-22 11:45:52.445root 11241100x80000000000000003845990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65153564756ad6062021-12-22 11:45:52.445root 11241100x80000000000000003845991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0849e4b695b03c202021-12-22 11:45:52.445root 11241100x80000000000000003845992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a82078d7483cab2021-12-22 11:45:52.446root 11241100x80000000000000003845993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecec47337ebe23962021-12-22 11:45:52.446root 11241100x80000000000000003845994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0461ac1a34e8e48a2021-12-22 11:45:52.446root 11241100x80000000000000003845995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8126dbb86c79f52f2021-12-22 11:45:52.446root 11241100x80000000000000003845996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49e77564ca6d5232021-12-22 11:45:52.943root 11241100x80000000000000003845997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589c2bfcb4f6d6892021-12-22 11:45:52.943root 11241100x80000000000000003845998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f684f40cb98726092021-12-22 11:45:52.944root 11241100x80000000000000003845999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880ec7041602b7df2021-12-22 11:45:52.944root 11241100x80000000000000003846000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dc2e10e6bfeaa62021-12-22 11:45:52.944root 11241100x80000000000000003846001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe5a93d31eaa25a2021-12-22 11:45:52.944root 11241100x80000000000000003846002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11680d15ff373bff2021-12-22 11:45:52.945root 11241100x80000000000000003846003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a29c6c560b7ba6d2021-12-22 11:45:52.945root 11241100x80000000000000003846004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435c82b9e8b340352021-12-22 11:45:52.945root 11241100x80000000000000003846005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b6ebbe13093e572021-12-22 11:45:52.945root 11241100x80000000000000003846006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9538fea3a528694b2021-12-22 11:45:52.946root 11241100x80000000000000003846007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2393cf2ee684302021-12-22 11:45:52.946root 11241100x80000000000000003846008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e730e512a340ca692021-12-22 11:45:52.946root 11241100x80000000000000003846009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff7155613e2dc822021-12-22 11:45:52.947root 11241100x80000000000000003846010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b318afccd82696d22021-12-22 11:45:52.947root 11241100x80000000000000003846011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed595d1909c91f9e2021-12-22 11:45:52.947root 11241100x80000000000000003846012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd2d8cb9278d1102021-12-22 11:45:53.443root 11241100x80000000000000003846013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fdbf3a8d4a0b962021-12-22 11:45:53.443root 11241100x80000000000000003846014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3c7f092bb5ded32021-12-22 11:45:53.444root 11241100x80000000000000003846015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cf95a9fa04736b2021-12-22 11:45:53.444root 11241100x80000000000000003846016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ed14f1b4b6fe22021-12-22 11:45:53.444root 11241100x80000000000000003846017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ba31520211958c2021-12-22 11:45:53.444root 11241100x80000000000000003846018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba7167928112dc92021-12-22 11:45:53.444root 11241100x80000000000000003846019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595dabea44bac4132021-12-22 11:45:53.444root 11241100x80000000000000003846020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6783cd1dcf05e9ba2021-12-22 11:45:53.444root 11241100x80000000000000003846021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a2733263c9a3552021-12-22 11:45:53.444root 11241100x80000000000000003846022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d0c9be69e718262021-12-22 11:45:53.445root 11241100x80000000000000003846023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199a9e966e1465182021-12-22 11:45:53.445root 11241100x80000000000000003846024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941f164daa696e222021-12-22 11:45:53.445root 11241100x80000000000000003846025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5271f638882d782021-12-22 11:45:53.445root 11241100x80000000000000003846026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52c994f506c7f7e2021-12-22 11:45:53.445root 11241100x80000000000000003846027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b81f51edefed002021-12-22 11:45:53.445root 11241100x80000000000000003846028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbf10e2276dd6252021-12-22 11:45:53.943root 11241100x80000000000000003846029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdb1211500e76012021-12-22 11:45:53.943root 11241100x80000000000000003846030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41210faca5a0196f2021-12-22 11:45:53.943root 11241100x80000000000000003846031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722448c99f7bce212021-12-22 11:45:53.943root 11241100x80000000000000003846032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cdf276b93fd0f72021-12-22 11:45:53.944root 11241100x80000000000000003846033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c43ec53a0e93602021-12-22 11:45:53.944root 11241100x80000000000000003846034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b91f34a703bf1802021-12-22 11:45:53.944root 11241100x80000000000000003846035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ae83f89c293dc62021-12-22 11:45:53.944root 11241100x80000000000000003846036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892c7a88864060f02021-12-22 11:45:53.944root 11241100x80000000000000003846037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1c504fe88bf17c2021-12-22 11:45:53.944root 11241100x80000000000000003846038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1455654a3eb9dcdf2021-12-22 11:45:53.944root 11241100x80000000000000003846039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf43299bbc3d8522021-12-22 11:45:53.945root 11241100x80000000000000003846040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bde19623e9c83de2021-12-22 11:45:53.945root 11241100x80000000000000003846041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f063533205293ff2021-12-22 11:45:53.945root 11241100x80000000000000003846042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918d6567a67566532021-12-22 11:45:53.945root 11241100x80000000000000003846043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec953cd841f304b2021-12-22 11:45:53.945root 11241100x80000000000000003846044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54f0ffe2ce7c30a2021-12-22 11:45:54.443root 11241100x80000000000000003846045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e4621606c3f19c2021-12-22 11:45:54.443root 11241100x80000000000000003846046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b30fcc40a72422021-12-22 11:45:54.443root 11241100x80000000000000003846047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab4d203cf515ebd2021-12-22 11:45:54.443root 11241100x80000000000000003846048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c6464c7f8f9b7e2021-12-22 11:45:54.443root 11241100x80000000000000003846049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52129153c51254592021-12-22 11:45:54.444root 11241100x80000000000000003846050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bce35124b1c98bd2021-12-22 11:45:54.444root 11241100x80000000000000003846051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c095757fac4b36262021-12-22 11:45:54.444root 11241100x80000000000000003846052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8253dcb981878c752021-12-22 11:45:54.444root 11241100x80000000000000003846053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1d77b6c9c3b87a2021-12-22 11:45:54.444root 11241100x80000000000000003846054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3289bb881f120a32021-12-22 11:45:54.444root 11241100x80000000000000003846055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8baa6a08358dc202021-12-22 11:45:54.444root 11241100x80000000000000003846056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56660f6f18f8213e2021-12-22 11:45:54.444root 11241100x80000000000000003846057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14a3ac00e92308a2021-12-22 11:45:54.445root 11241100x80000000000000003846058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cee506da77e75842021-12-22 11:45:54.445root 11241100x80000000000000003846059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8416decbb4f0dc2021-12-22 11:45:54.445root 11241100x80000000000000003846060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be81eeabf9a29a62021-12-22 11:45:54.943root 11241100x80000000000000003846061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b9b3ae79a45af82021-12-22 11:45:54.943root 11241100x80000000000000003846062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18decaca62510b02021-12-22 11:45:54.944root 11241100x80000000000000003846063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c21c03c526bdc582021-12-22 11:45:54.944root 11241100x80000000000000003846064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6095faad0d5e62cc2021-12-22 11:45:54.944root 11241100x80000000000000003846065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fd643e72de92f02021-12-22 11:45:54.944root 11241100x80000000000000003846066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8937c507adb88052021-12-22 11:45:54.944root 11241100x80000000000000003846067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba5c6d45b6e22ff2021-12-22 11:45:54.945root 11241100x80000000000000003846068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df719208706ffcb2021-12-22 11:45:54.945root 11241100x80000000000000003846069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570347f2e7c6e5d72021-12-22 11:45:54.945root 11241100x80000000000000003846070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8329b5c20ef7e782021-12-22 11:45:54.945root 11241100x80000000000000003846071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2a54ce1ce2dd392021-12-22 11:45:54.945root 11241100x80000000000000003846072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813a2c2fc138f182021-12-22 11:45:54.945root 11241100x80000000000000003846073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf86abb3ffce0d2021-12-22 11:45:54.945root 11241100x80000000000000003846074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e3735b7a1c34872021-12-22 11:45:54.945root 11241100x80000000000000003846075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f908d31fadabda92021-12-22 11:45:54.945root 11241100x80000000000000003846076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0245bdfed00f23e52021-12-22 11:45:55.443root 11241100x80000000000000003846077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f76201845b51ab2021-12-22 11:45:55.443root 11241100x80000000000000003846078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c55b5bb1b601632021-12-22 11:45:55.443root 11241100x80000000000000003846079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882d69ca414584fc2021-12-22 11:45:55.443root 11241100x80000000000000003846080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af6aaee11a394e32021-12-22 11:45:55.443root 11241100x80000000000000003846081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8df646ddb4887582021-12-22 11:45:55.444root 11241100x80000000000000003846082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33c2b4cd0f628af2021-12-22 11:45:55.444root 11241100x80000000000000003846083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fe66b7155d64802021-12-22 11:45:55.444root 11241100x80000000000000003846084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d55bc6b4f6dcf62021-12-22 11:45:55.444root 11241100x80000000000000003846085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ea30a9411b13762021-12-22 11:45:55.444root 11241100x80000000000000003846086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20dbe6a64f56b9f2021-12-22 11:45:55.444root 11241100x80000000000000003846087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bf1ce972f264612021-12-22 11:45:55.444root 11241100x80000000000000003846088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00bf066eb3fb92e2021-12-22 11:45:55.444root 11241100x80000000000000003846089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e58c5b6fd62a1a02021-12-22 11:45:55.444root 11241100x80000000000000003846090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa91a28c3328d4692021-12-22 11:45:55.444root 11241100x80000000000000003846091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efad914e853196712021-12-22 11:45:55.445root 11241100x80000000000000003846092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6beb134e62804d182021-12-22 11:45:55.943root 11241100x80000000000000003846093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c307f4cb1093be2021-12-22 11:45:55.943root 11241100x80000000000000003846094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8730106d2aea67802021-12-22 11:45:55.943root 11241100x80000000000000003846095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8cd0e9714a4d922021-12-22 11:45:55.943root 11241100x80000000000000003846096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b35ac996acceb8a2021-12-22 11:45:55.943root 11241100x80000000000000003846097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7d5de2fdbda5452021-12-22 11:45:55.944root 11241100x80000000000000003846098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83ab8bfee08a83e2021-12-22 11:45:55.944root 11241100x80000000000000003846099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18e38f1c8ce2a272021-12-22 11:45:55.944root 11241100x80000000000000003846100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a861ba635d347202021-12-22 11:45:55.944root 11241100x80000000000000003846101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b06acd5e138f272021-12-22 11:45:55.944root 11241100x80000000000000003846102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bc915f91d387fd2021-12-22 11:45:55.944root 11241100x80000000000000003846103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dd16d2439ada722021-12-22 11:45:55.944root 11241100x80000000000000003846104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4c0b6ec920e8d62021-12-22 11:45:55.944root 11241100x80000000000000003846105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a433cdece99b2af2021-12-22 11:45:55.944root 11241100x80000000000000003846106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb4b7d69d01879c2021-12-22 11:45:55.944root 11241100x80000000000000003846107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aefde4763bbc572021-12-22 11:45:55.945root 354300x80000000000000003846108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55422-false10.0.1.12-8000- 11241100x80000000000000003846109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ec6a125109c4e72021-12-22 11:45:56.244root 11241100x80000000000000003846110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfb4554dff9f1262021-12-22 11:45:56.244root 11241100x80000000000000003846111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf6df836dc7ba192021-12-22 11:45:56.244root 11241100x80000000000000003846112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377b65e7501427e32021-12-22 11:45:56.245root 11241100x80000000000000003846113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76193603b9c75db32021-12-22 11:45:56.245root 11241100x80000000000000003846114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355ab79f45e887e52021-12-22 11:45:56.245root 11241100x80000000000000003846115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fc2c25296664992021-12-22 11:45:56.245root 11241100x80000000000000003846116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ae07933dcc2c172021-12-22 11:45:56.245root 11241100x80000000000000003846117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dade38a1dbd9d17c2021-12-22 11:45:56.245root 11241100x80000000000000003846118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90b483a97a823a62021-12-22 11:45:56.245root 11241100x80000000000000003846119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc7caa8079655062021-12-22 11:45:56.245root 11241100x80000000000000003846120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d143d216d5401d2021-12-22 11:45:56.245root 11241100x80000000000000003846121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812816c987f3b592021-12-22 11:45:56.245root 11241100x80000000000000003846122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628e382fae9acf8e2021-12-22 11:45:56.245root 11241100x80000000000000003846123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcb1f4eacc140632021-12-22 11:45:56.245root 11241100x80000000000000003846124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976a023125794a312021-12-22 11:45:56.245root 11241100x80000000000000003846125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175035c229732542021-12-22 11:45:56.245root 11241100x80000000000000003846126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432160c93d7bed862021-12-22 11:45:56.693root 11241100x80000000000000003846127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7bf8a17915dda12021-12-22 11:45:56.693root 11241100x80000000000000003846128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dffd219295ef8492021-12-22 11:45:56.693root 11241100x80000000000000003846129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de6b6372226a5582021-12-22 11:45:56.693root 11241100x80000000000000003846130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60abb2648da3ff732021-12-22 11:45:56.693root 11241100x80000000000000003846131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83292a41c926b5cc2021-12-22 11:45:56.693root 11241100x80000000000000003846132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff921eaaf95ab72021-12-22 11:45:56.693root 11241100x80000000000000003846133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6a3c62e9e129f72021-12-22 11:45:56.693root 11241100x80000000000000003846134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5481056837748cd62021-12-22 11:45:56.694root 11241100x80000000000000003846135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14caca4a3c1058262021-12-22 11:45:56.694root 11241100x80000000000000003846136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03568e10b0bb6e8c2021-12-22 11:45:56.694root 11241100x80000000000000003846137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524af709367296422021-12-22 11:45:56.694root 11241100x80000000000000003846138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9af935a9b451542021-12-22 11:45:56.694root 11241100x80000000000000003846139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bdac1885847dc22021-12-22 11:45:56.694root 11241100x80000000000000003846140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9e966fe577be72021-12-22 11:45:56.694root 11241100x80000000000000003846141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5340c79dabb83fa72021-12-22 11:45:56.694root 11241100x80000000000000003846142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5553ddf575cbc32021-12-22 11:45:56.694root 11241100x80000000000000003846143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5454a1f6e6557e2021-12-22 11:45:57.193root 11241100x80000000000000003846144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650082b898d9ca382021-12-22 11:45:57.193root 11241100x80000000000000003846145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7218d719683da72021-12-22 11:45:57.194root 11241100x80000000000000003846146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4a1cc929c373522021-12-22 11:45:57.194root 11241100x80000000000000003846147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d53c1564b742442021-12-22 11:45:57.194root 11241100x80000000000000003846148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44aadabacc9c6252021-12-22 11:45:57.194root 11241100x80000000000000003846149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db1bb45fd6e4f32021-12-22 11:45:57.194root 11241100x80000000000000003846150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f87f9c8004bab442021-12-22 11:45:57.194root 11241100x80000000000000003846151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673419e25bb54e962021-12-22 11:45:57.195root 11241100x80000000000000003846152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1abbfcef439c412021-12-22 11:45:57.195root 11241100x80000000000000003846153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84df4b5817aee7c2021-12-22 11:45:57.195root 11241100x80000000000000003846154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a82d67656a3bf182021-12-22 11:45:57.195root 11241100x80000000000000003846155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88ed27001da22732021-12-22 11:45:57.195root 11241100x80000000000000003846156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af4f1e448036e8f2021-12-22 11:45:57.195root 11241100x80000000000000003846157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3825d126fc6ad4f12021-12-22 11:45:57.196root 11241100x80000000000000003846158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476e12170a67523d2021-12-22 11:45:57.196root 11241100x80000000000000003846159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6258af529331fe2021-12-22 11:45:57.196root 11241100x80000000000000003846160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c313c52d5e5c122021-12-22 11:45:57.693root 11241100x80000000000000003846161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84cb055bbcf81c872021-12-22 11:45:57.693root 11241100x80000000000000003846162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fbd41f6de3d39f2021-12-22 11:45:57.693root 11241100x80000000000000003846163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1752adb5005b2fb72021-12-22 11:45:57.694root 11241100x80000000000000003846164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a143868e06a09f2021-12-22 11:45:57.695root 11241100x80000000000000003846165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53598a5fe0570f062021-12-22 11:45:57.695root 11241100x80000000000000003846166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6a51f55ac3c8b42021-12-22 11:45:57.695root 11241100x80000000000000003846167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a97da17cc3ca2f32021-12-22 11:45:57.696root 11241100x80000000000000003846168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35be13095f8a91a82021-12-22 11:45:57.697root 11241100x80000000000000003846169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bac094815485d082021-12-22 11:45:57.697root 11241100x80000000000000003846170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4ff996e66f14d12021-12-22 11:45:57.698root 11241100x80000000000000003846171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9ad2706b21d8322021-12-22 11:45:57.698root 11241100x80000000000000003846172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317338bfb56c01d82021-12-22 11:45:57.698root 11241100x80000000000000003846173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a956674c0fb4a9d82021-12-22 11:45:57.698root 11241100x80000000000000003846174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58bbd336c667c1c42021-12-22 11:45:57.699root 11241100x80000000000000003846175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d8ff49457c01e22021-12-22 11:45:57.699root 11241100x80000000000000003846176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:57.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677b87eb7ee03c802021-12-22 11:45:57.699root 11241100x80000000000000003846177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcdd33c657de7122021-12-22 11:45:58.193root 11241100x80000000000000003846178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2e1216f8b39b392021-12-22 11:45:58.193root 11241100x80000000000000003846179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c224ef302fdb7c6c2021-12-22 11:45:58.193root 11241100x80000000000000003846180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f799b55e40032d42021-12-22 11:45:58.193root 11241100x80000000000000003846181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80fe949042582602021-12-22 11:45:58.193root 11241100x80000000000000003846182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e9e9945dc9053e2021-12-22 11:45:58.194root 11241100x80000000000000003846183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafbbcb6d3dea5a2021-12-22 11:45:58.194root 11241100x80000000000000003846184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc5add294ab83892021-12-22 11:45:58.194root 11241100x80000000000000003846185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7e5769c0893f602021-12-22 11:45:58.194root 11241100x80000000000000003846186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181018a89fc75e152021-12-22 11:45:58.194root 11241100x80000000000000003846187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566e5c0f88784b0b2021-12-22 11:45:58.194root 11241100x80000000000000003846188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fca8110851c93952021-12-22 11:45:58.194root 11241100x80000000000000003846189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2210f94441192722021-12-22 11:45:58.194root 11241100x80000000000000003846190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a29e90528fd0ca2021-12-22 11:45:58.194root 11241100x80000000000000003846191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd7995e30d227692021-12-22 11:45:58.194root 11241100x80000000000000003846192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b90cc08c38cdf72021-12-22 11:45:58.194root 11241100x80000000000000003846193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338aabf566e596b62021-12-22 11:45:58.194root 11241100x80000000000000003846194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825e887efbbf13012021-12-22 11:45:58.693root 11241100x80000000000000003846195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b0269f74b8f8982021-12-22 11:45:58.693root 11241100x80000000000000003846196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e6d3c0e9bc9e902021-12-22 11:45:58.693root 11241100x80000000000000003846197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf59daff81018acc2021-12-22 11:45:58.693root 11241100x80000000000000003846198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaccdbbeb0fa8682021-12-22 11:45:58.693root 11241100x80000000000000003846199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332c99a1544b96052021-12-22 11:45:58.694root 11241100x80000000000000003846200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78256da223337b702021-12-22 11:45:58.694root 11241100x80000000000000003846201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3555dd4d64e259f2021-12-22 11:45:58.694root 11241100x80000000000000003846202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bba6e0d397dcb652021-12-22 11:45:58.694root 11241100x80000000000000003846203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c5836ba4117bc72021-12-22 11:45:58.694root 11241100x80000000000000003846204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19cb025346711072021-12-22 11:45:58.694root 11241100x80000000000000003846205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170ff481202318af2021-12-22 11:45:58.694root 11241100x80000000000000003846206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffe9d5bf9ca460b2021-12-22 11:45:58.694root 11241100x80000000000000003846207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb76df6f1e832a32021-12-22 11:45:58.694root 11241100x80000000000000003846208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821e80d2a5f5cd222021-12-22 11:45:58.694root 11241100x80000000000000003846209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0be5051975ea9bf2021-12-22 11:45:58.694root 11241100x80000000000000003846210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b1c856c0c3cb862021-12-22 11:45:58.694root 11241100x80000000000000003846211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37068555cdaaf6bb2021-12-22 11:45:59.193root 11241100x80000000000000003846212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6b22b0673fe0db2021-12-22 11:45:59.193root 11241100x80000000000000003846213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58de23e5233d0d242021-12-22 11:45:59.194root 11241100x80000000000000003846214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ec1a8256a3859a2021-12-22 11:45:59.194root 11241100x80000000000000003846215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83572949d4752e872021-12-22 11:45:59.194root 11241100x80000000000000003846216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90a352fd2fa4bd22021-12-22 11:45:59.194root 11241100x80000000000000003846217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fe49887d7d7cfa2021-12-22 11:45:59.194root 11241100x80000000000000003846218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45aeca0c52f2e7e2021-12-22 11:45:59.195root 11241100x80000000000000003846219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e247642751557b32021-12-22 11:45:59.195root 11241100x80000000000000003846220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd61eba625c25c32021-12-22 11:45:59.195root 11241100x80000000000000003846221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c6b9bf2809d1a32021-12-22 11:45:59.195root 11241100x80000000000000003846222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d374ace2da013e882021-12-22 11:45:59.195root 11241100x80000000000000003846223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115e4f52009cfc322021-12-22 11:45:59.195root 11241100x80000000000000003846224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f789ff0172d9213b2021-12-22 11:45:59.195root 11241100x80000000000000003846225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb60b3dd974562272021-12-22 11:45:59.195root 11241100x80000000000000003846226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db3c15e214e691f2021-12-22 11:45:59.195root 11241100x80000000000000003846227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f614c0533735e97d2021-12-22 11:45:59.195root 11241100x80000000000000003846228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c04bc5abc00a2c82021-12-22 11:45:59.693root 11241100x80000000000000003846229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a75979a1870c1732021-12-22 11:45:59.693root 11241100x80000000000000003846230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd015b4182aa3d122021-12-22 11:45:59.693root 11241100x80000000000000003846231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21cdc8188a5122f2021-12-22 11:45:59.693root 11241100x80000000000000003846232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e0b3f2121decdb2021-12-22 11:45:59.693root 11241100x80000000000000003846233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e38127704aefb02021-12-22 11:45:59.693root 11241100x80000000000000003846234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d37485ee394c952021-12-22 11:45:59.693root 11241100x80000000000000003846235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bcc225acd205d32021-12-22 11:45:59.693root 11241100x80000000000000003846236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f64ccbd9780062021-12-22 11:45:59.694root 11241100x80000000000000003846237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f63ea47ccc154172021-12-22 11:45:59.694root 11241100x80000000000000003846238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f479b7dbbc4e152021-12-22 11:45:59.694root 11241100x80000000000000003846239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddbfad1718633a62021-12-22 11:45:59.694root 11241100x80000000000000003846240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91b85d0f112a5e2021-12-22 11:45:59.694root 11241100x80000000000000003846241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad4bfffe29631b12021-12-22 11:45:59.694root 11241100x80000000000000003846242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7692d5818b81f9e72021-12-22 11:45:59.694root 11241100x80000000000000003846243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13042aaa06e8d3a2021-12-22 11:45:59.695root 11241100x80000000000000003846244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de50b41a35ed47e2021-12-22 11:45:59.695root 11241100x80000000000000003846245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51af8d463c86629e2021-12-22 11:45:59.695root 11241100x80000000000000003846246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bbcdea1f57d8702021-12-22 11:45:59.695root 11241100x80000000000000003846247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:45:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ca43ae7e2e4212021-12-22 11:45:59.695root 11241100x80000000000000003846248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a1e7674981c8e22021-12-22 11:46:00.193root 11241100x80000000000000003846249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c8abc3272ede372021-12-22 11:46:00.193root 11241100x80000000000000003846250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addc4ad4fa3fc39c2021-12-22 11:46:00.193root 11241100x80000000000000003846251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf7fbbc82e6c80f2021-12-22 11:46:00.193root 11241100x80000000000000003846252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ddb08cf628bb5b2021-12-22 11:46:00.194root 11241100x80000000000000003846253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c379feff83baea2021-12-22 11:46:00.194root 11241100x80000000000000003846254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a356c2a2c5c9a4552021-12-22 11:46:00.194root 11241100x80000000000000003846255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bfbbe7011619bb2021-12-22 11:46:00.194root 11241100x80000000000000003846256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3073e3f9cab2e1192021-12-22 11:46:00.194root 11241100x80000000000000003846257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd9b5621ccc20972021-12-22 11:46:00.194root 11241100x80000000000000003846258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6350192eaf86e942021-12-22 11:46:00.195root 11241100x80000000000000003846259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013f6d19cde90a412021-12-22 11:46:00.195root 11241100x80000000000000003846260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cc282d868878b52021-12-22 11:46:00.195root 11241100x80000000000000003846261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1652809f135a8c2021-12-22 11:46:00.195root 11241100x80000000000000003846262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71172b13e12d0b272021-12-22 11:46:00.195root 11241100x80000000000000003846263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab7cf726a78796a2021-12-22 11:46:00.196root 11241100x80000000000000003846264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f141cc2ae5ecf6bc2021-12-22 11:46:00.196root 11241100x80000000000000003846265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa67ae3384a90e62021-12-22 11:46:00.693root 11241100x80000000000000003846266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a1d1cbf5a2f7efa2021-12-22 11:46:00.693root 11241100x80000000000000003846267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe227971e81224a2021-12-22 11:46:00.693root 11241100x80000000000000003846268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b79c91f2d7c5c82021-12-22 11:46:00.693root 11241100x80000000000000003846269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13db50d70398446b2021-12-22 11:46:00.693root 11241100x80000000000000003846270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6721c87cf540ad902021-12-22 11:46:00.693root 11241100x80000000000000003846271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961f720a288ef5072021-12-22 11:46:00.693root 11241100x80000000000000003846272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f514ba36cdee242021-12-22 11:46:00.694root 11241100x80000000000000003846273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d799169ef5faab2021-12-22 11:46:00.694root 11241100x80000000000000003846274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053782708ef5ff112021-12-22 11:46:00.694root 11241100x80000000000000003846275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4cb4ff2bd95a492021-12-22 11:46:00.694root 11241100x80000000000000003846276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb93d7432716af42021-12-22 11:46:00.694root 11241100x80000000000000003846277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d2b7f0a48208942021-12-22 11:46:00.694root 11241100x80000000000000003846278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df0bdff1ae9f3f12021-12-22 11:46:00.694root 11241100x80000000000000003846279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358e444a12e261b22021-12-22 11:46:00.694root 11241100x80000000000000003846280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87556cd53e77f7b62021-12-22 11:46:00.694root 11241100x80000000000000003846281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0785a6a5e9bec12f2021-12-22 11:46:00.694root 11241100x80000000000000003846282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b554097ccf0c5a772021-12-22 11:46:01.193root 11241100x80000000000000003846283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57ebe7450b12a172021-12-22 11:46:01.193root 11241100x80000000000000003846284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee49ff3b2e5adbff2021-12-22 11:46:01.193root 11241100x80000000000000003846285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b64271d7abc99c42021-12-22 11:46:01.193root 11241100x80000000000000003846286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2af407cc427f26f2021-12-22 11:46:01.193root 11241100x80000000000000003846287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42cc11c83796e532021-12-22 11:46:01.194root 11241100x80000000000000003846288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168d0f6f98864bab2021-12-22 11:46:01.194root 11241100x80000000000000003846289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f81e633a58bb8d82021-12-22 11:46:01.194root 11241100x80000000000000003846290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f9712204e1d7392021-12-22 11:46:01.194root 11241100x80000000000000003846291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7058c8637d1c19b12021-12-22 11:46:01.194root 11241100x80000000000000003846292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9434984108adc0222021-12-22 11:46:01.194root 11241100x80000000000000003846293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d69aeefd87189882021-12-22 11:46:01.194root 11241100x80000000000000003846294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b59aa0ae7cb5c32021-12-22 11:46:01.194root 11241100x80000000000000003846295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159d3b8edc32f5502021-12-22 11:46:01.194root 11241100x80000000000000003846296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6163a516ffd1072021-12-22 11:46:01.194root 11241100x80000000000000003846297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9de47dff469f532021-12-22 11:46:01.195root 11241100x80000000000000003846298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fd61473cf99cb22021-12-22 11:46:01.195root 11241100x80000000000000003846299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2398a1c872af8a2021-12-22 11:46:01.693root 11241100x80000000000000003846300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c4c08e1a8c681c2021-12-22 11:46:01.693root 11241100x80000000000000003846301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87a54f5227aff6e2021-12-22 11:46:01.693root 11241100x80000000000000003846302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65dc5eb50948e472021-12-22 11:46:01.693root 11241100x80000000000000003846303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8df9652de24eb592021-12-22 11:46:01.693root 11241100x80000000000000003846304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4986c07a1f55b5872021-12-22 11:46:01.693root 11241100x80000000000000003846305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5bcaffabebb8de2021-12-22 11:46:01.693root 11241100x80000000000000003846306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcfece0eaacda3f2021-12-22 11:46:01.694root 11241100x80000000000000003846307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5ceda3fa1132722021-12-22 11:46:01.694root 11241100x80000000000000003846308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67a98b44c73bd052021-12-22 11:46:01.694root 11241100x80000000000000003846309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288d33b83e48d3a02021-12-22 11:46:01.694root 11241100x80000000000000003846310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685732c50b45d4332021-12-22 11:46:01.694root 11241100x80000000000000003846311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2781eb372655d72021-12-22 11:46:01.694root 11241100x80000000000000003846312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c475737788e9bd2021-12-22 11:46:01.694root 11241100x80000000000000003846313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c150ace2b71235512021-12-22 11:46:01.695root 11241100x80000000000000003846314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e081f25a236579e2021-12-22 11:46:01.695root 11241100x80000000000000003846315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20adc50944d9844a2021-12-22 11:46:01.695root 354300x80000000000000003846316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55424-false10.0.1.12-8000- 11241100x80000000000000003846317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6221c12a8d05a8862021-12-22 11:46:02.043root 11241100x80000000000000003846318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216e2d3c8a83a3662021-12-22 11:46:02.044root 11241100x80000000000000003846319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455c74b02f49b9762021-12-22 11:46:02.044root 11241100x80000000000000003846320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246fff57e8fcd6402021-12-22 11:46:02.044root 11241100x80000000000000003846321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f775582e7de37e2021-12-22 11:46:02.044root 11241100x80000000000000003846322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e3a134bdb11bd2021-12-22 11:46:02.044root 11241100x80000000000000003846323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2607a0aef38e223b2021-12-22 11:46:02.044root 11241100x80000000000000003846324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff223ff72cb86a92021-12-22 11:46:02.044root 11241100x80000000000000003846325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b835854a1946d1622021-12-22 11:46:02.044root 11241100x80000000000000003846326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa6913ab5f17b6d2021-12-22 11:46:02.044root 11241100x80000000000000003846327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45818b897c459142021-12-22 11:46:02.045root 11241100x80000000000000003846328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9405865f370d48072021-12-22 11:46:02.045root 11241100x80000000000000003846329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2645a6c7f53a8f02021-12-22 11:46:02.045root 11241100x80000000000000003846330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea08c92fb5f8a7c52021-12-22 11:46:02.045root 11241100x80000000000000003846331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573d7e3f138892332021-12-22 11:46:02.045root 11241100x80000000000000003846332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c177e62772b8372021-12-22 11:46:02.045root 11241100x80000000000000003846333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ca32eaad538d452021-12-22 11:46:02.045root 11241100x80000000000000003846334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6a6252cadf22ac2021-12-22 11:46:02.046root 11241100x80000000000000003846335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ebb7c82b9cae9b2021-12-22 11:46:02.046root 11241100x80000000000000003846336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b01ece67e1603c2021-12-22 11:46:02.046root 11241100x80000000000000003846337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c540c3c7849071c2021-12-22 11:46:02.046root 11241100x80000000000000003846338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0a8c9eb135ff552021-12-22 11:46:02.046root 11241100x80000000000000003846339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d3f71540a340072021-12-22 11:46:02.443root 11241100x80000000000000003846340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f5cb790bbc09f2021-12-22 11:46:02.443root 11241100x80000000000000003846341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4996ed7c52481dc22021-12-22 11:46:02.444root 11241100x80000000000000003846342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197624a351224d322021-12-22 11:46:02.444root 11241100x80000000000000003846343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ea257e886a6bd52021-12-22 11:46:02.444root 11241100x80000000000000003846344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdd3b8b7991c5b32021-12-22 11:46:02.444root 11241100x80000000000000003846345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1db35fe06a605cd2021-12-22 11:46:02.444root 11241100x80000000000000003846346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76897edbd85445b2021-12-22 11:46:02.444root 11241100x80000000000000003846347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41539b435f24e5382021-12-22 11:46:02.444root 11241100x80000000000000003846348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad9b4e86f5620f2021-12-22 11:46:02.444root 11241100x80000000000000003846349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2669f4301d45580c2021-12-22 11:46:02.445root 11241100x80000000000000003846350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7dbada8ab79f962021-12-22 11:46:02.445root 11241100x80000000000000003846351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eb080bab1f743e2021-12-22 11:46:02.445root 11241100x80000000000000003846352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f22f80d6abae0082021-12-22 11:46:02.445root 11241100x80000000000000003846353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166b4e97f64055b52021-12-22 11:46:02.445root 11241100x80000000000000003846354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02ffd250fca8fdb02021-12-22 11:46:02.445root 11241100x80000000000000003846355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32333acdbdf85f0a2021-12-22 11:46:02.446root 11241100x80000000000000003846356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acacd1cb7d1b9152021-12-22 11:46:02.446root 11241100x80000000000000003846357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8a0d37a99108bd2021-12-22 11:46:02.943root 11241100x80000000000000003846358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5749e61705cb1f02021-12-22 11:46:02.943root 11241100x80000000000000003846359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb08422d2cb2f352021-12-22 11:46:02.944root 11241100x80000000000000003846360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a4e73137ad1f902021-12-22 11:46:02.944root 11241100x80000000000000003846361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94bc822904e3c55d2021-12-22 11:46:02.944root 11241100x80000000000000003846362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc2acf30bff44fc2021-12-22 11:46:02.945root 11241100x80000000000000003846363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5021c5229bd808b2021-12-22 11:46:02.945root 11241100x80000000000000003846364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7c3707343da3352021-12-22 11:46:02.946root 11241100x80000000000000003846365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a031d7a02b5c062021-12-22 11:46:02.946root 11241100x80000000000000003846366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f46ff3766bdb86d2021-12-22 11:46:02.946root 11241100x80000000000000003846367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4982fea1b6e2343e2021-12-22 11:46:02.946root 11241100x80000000000000003846368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b15179f3f52d4502021-12-22 11:46:02.947root 11241100x80000000000000003846369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a703a9c3877ae72021-12-22 11:46:02.947root 11241100x80000000000000003846370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b3a43c65c9412d2021-12-22 11:46:02.947root 11241100x80000000000000003846371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69df0b2ccf951de82021-12-22 11:46:02.947root 11241100x80000000000000003846372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd2f539c558d7ed2021-12-22 11:46:02.947root 11241100x80000000000000003846373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e5989d83195cb72021-12-22 11:46:02.947root 11241100x80000000000000003846374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fdacf1427b5c5d2021-12-22 11:46:02.948root 11241100x80000000000000003846375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:46:03.144root 11241100x80000000000000003846376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2c78eeff95abdb2021-12-22 11:46:03.443root 11241100x80000000000000003846377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9419fd628f4ba43b2021-12-22 11:46:03.443root 11241100x80000000000000003846378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acd89e1968af9a32021-12-22 11:46:03.443root 11241100x80000000000000003846379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826d81c5c0087ceb2021-12-22 11:46:03.443root 11241100x80000000000000003846380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e238451872682f2021-12-22 11:46:03.444root 11241100x80000000000000003846381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800604bae20c2c52021-12-22 11:46:03.444root 11241100x80000000000000003846382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33af132b76ce35a32021-12-22 11:46:03.444root 11241100x80000000000000003846383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9aaa1205c54702021-12-22 11:46:03.444root 11241100x80000000000000003846384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359dff7b465e1f4b2021-12-22 11:46:03.444root 11241100x80000000000000003846385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ffa93742cec1b82021-12-22 11:46:03.444root 11241100x80000000000000003846386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f62c250954b7332021-12-22 11:46:03.444root 11241100x80000000000000003846387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c12c053fdf95632021-12-22 11:46:03.444root 11241100x80000000000000003846388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fa0d96d10c5a1a2021-12-22 11:46:03.444root 11241100x80000000000000003846389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61a1d134827c6022021-12-22 11:46:03.444root 11241100x80000000000000003846390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a3da788f4a99d02021-12-22 11:46:03.444root 11241100x80000000000000003846391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4f3064811564cb2021-12-22 11:46:03.445root 11241100x80000000000000003846392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d897180440370c2021-12-22 11:46:03.445root 11241100x80000000000000003846393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4405eced2d7a822021-12-22 11:46:03.445root 11241100x80000000000000003846394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e422cc3df2c839d2021-12-22 11:46:03.445root 11241100x80000000000000003846395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6862b7dcce324d82021-12-22 11:46:03.943root 11241100x80000000000000003846396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43482ce282186c2021-12-22 11:46:03.943root 11241100x80000000000000003846397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e3eb5f654e7f732021-12-22 11:46:03.944root 11241100x80000000000000003846398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e77ecb6ca4b6aef2021-12-22 11:46:03.944root 11241100x80000000000000003846399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8703a5a110a5dffa2021-12-22 11:46:03.944root 11241100x80000000000000003846400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265549de4a814f282021-12-22 11:46:03.944root 11241100x80000000000000003846401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a015e75111929b3c2021-12-22 11:46:03.944root 11241100x80000000000000003846402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808d2777071fcb9e2021-12-22 11:46:03.945root 11241100x80000000000000003846403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb71e78ad7401072021-12-22 11:46:03.945root 11241100x80000000000000003846404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b3e7a32f281652021-12-22 11:46:03.945root 11241100x80000000000000003846405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59010ef9fd1d2742021-12-22 11:46:03.945root 11241100x80000000000000003846406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d930484ce8ad892021-12-22 11:46:03.946root 11241100x80000000000000003846407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e81ae1269c2c02021-12-22 11:46:03.946root 11241100x80000000000000003846408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e92a3d74e752822021-12-22 11:46:03.946root 11241100x80000000000000003846409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7fc52f7a90f8dc2021-12-22 11:46:03.946root 11241100x80000000000000003846410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58aeb4a82ad4e7b22021-12-22 11:46:03.947root 11241100x80000000000000003846411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2af8ee23c0d4e722021-12-22 11:46:03.947root 11241100x80000000000000003846412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a833e432fb82172021-12-22 11:46:03.947root 11241100x80000000000000003846413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbae2e004cc05c72021-12-22 11:46:03.947root 11241100x80000000000000003846414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f911e51b57ef4422021-12-22 11:46:04.443root 11241100x80000000000000003846415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e531fbdc5396d0b2021-12-22 11:46:04.443root 11241100x80000000000000003846416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d889598207b5f62021-12-22 11:46:04.444root 11241100x80000000000000003846417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cc41174b7fc2782021-12-22 11:46:04.444root 11241100x80000000000000003846418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6eaf22fb2267742021-12-22 11:46:04.444root 11241100x80000000000000003846419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2352a19425107502021-12-22 11:46:04.444root 11241100x80000000000000003846420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c5dd5f7fec955a2021-12-22 11:46:04.444root 11241100x80000000000000003846421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3242c2de74cd332021-12-22 11:46:04.444root 11241100x80000000000000003846422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0998e4b27994652021-12-22 11:46:04.445root 11241100x80000000000000003846423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8417117c5f539fc82021-12-22 11:46:04.445root 11241100x80000000000000003846424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d60bd8edd1cc2b2021-12-22 11:46:04.445root 11241100x80000000000000003846425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5816637bcffc14702021-12-22 11:46:04.445root 11241100x80000000000000003846426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403c30903708c6f72021-12-22 11:46:04.445root 11241100x80000000000000003846427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5548f155e3748792021-12-22 11:46:04.445root 11241100x80000000000000003846428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee14901a5a38ac1f2021-12-22 11:46:04.445root 11241100x80000000000000003846429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabb3763d7a1eaa02021-12-22 11:46:04.445root 11241100x80000000000000003846430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57eb18726115ec232021-12-22 11:46:04.446root 11241100x80000000000000003846431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c1651a155225c12021-12-22 11:46:04.446root 11241100x80000000000000003846432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fb85b5525d2bbd2021-12-22 11:46:04.446root 11241100x80000000000000003846433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d77df70031b7d82021-12-22 11:46:04.943root 11241100x80000000000000003846434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b117cabb1e774332021-12-22 11:46:04.943root 11241100x80000000000000003846435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995a233b0b23aa5f2021-12-22 11:46:04.943root 11241100x80000000000000003846436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6f57ce57355a4f2021-12-22 11:46:04.943root 11241100x80000000000000003846437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe175417e37bf422021-12-22 11:46:04.944root 11241100x80000000000000003846438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def0eb0ef5213ecc2021-12-22 11:46:04.944root 11241100x80000000000000003846439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1530bc9b49b0ea2021-12-22 11:46:04.944root 11241100x80000000000000003846440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e90ea98922187912021-12-22 11:46:04.944root 11241100x80000000000000003846441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23af2c118f03a6c2021-12-22 11:46:04.944root 11241100x80000000000000003846442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5896b53dc3a4762021-12-22 11:46:04.944root 11241100x80000000000000003846443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3245724cc88dc212021-12-22 11:46:04.945root 11241100x80000000000000003846444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825706869c184c782021-12-22 11:46:04.945root 11241100x80000000000000003846445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c7fbe25924db332021-12-22 11:46:04.945root 11241100x80000000000000003846446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3b719e9e7c6f0c2021-12-22 11:46:04.945root 11241100x80000000000000003846447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b374ecdcb65c99b22021-12-22 11:46:04.945root 11241100x80000000000000003846448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37da9cc5971b20842021-12-22 11:46:04.945root 11241100x80000000000000003846449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eabbaba2d74ab22021-12-22 11:46:04.945root 11241100x80000000000000003846450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e192773987911f72021-12-22 11:46:04.946root 11241100x80000000000000003846451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d1b62da46e4ea72021-12-22 11:46:04.946root 11241100x80000000000000003846452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8fa55abd6f13cb2021-12-22 11:46:05.443root 11241100x80000000000000003846453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da895996cf90d152021-12-22 11:46:05.443root 11241100x80000000000000003846454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0f4c80e4ebfe202021-12-22 11:46:05.443root 11241100x80000000000000003846455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02a09c88eb97c832021-12-22 11:46:05.443root 11241100x80000000000000003846456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534b8afc2c22ba9c2021-12-22 11:46:05.444root 11241100x80000000000000003846457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b8cd84093e028e2021-12-22 11:46:05.444root 11241100x80000000000000003846458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5a53a848aeaff42021-12-22 11:46:05.444root 11241100x80000000000000003846459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd88b8639c558022021-12-22 11:46:05.444root 11241100x80000000000000003846460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59432c5c9f77e7af2021-12-22 11:46:05.444root 11241100x80000000000000003846461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c2525cd66f10722021-12-22 11:46:05.444root 11241100x80000000000000003846462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197ec0a267a17d612021-12-22 11:46:05.445root 11241100x80000000000000003846463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b5b66056a481582021-12-22 11:46:05.445root 11241100x80000000000000003846464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5bb79c3121e0072021-12-22 11:46:05.445root 11241100x80000000000000003846465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16e21a0d5cf6f102021-12-22 11:46:05.445root 11241100x80000000000000003846466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e240807ebe3472021-12-22 11:46:05.445root 11241100x80000000000000003846467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba13f8378652d0e2021-12-22 11:46:05.445root 11241100x80000000000000003846468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb32d7d9538bdf8f2021-12-22 11:46:05.445root 11241100x80000000000000003846469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8c2f42175a67922021-12-22 11:46:05.446root 11241100x80000000000000003846470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64dde651b60f2ea2021-12-22 11:46:05.446root 11241100x80000000000000003846471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461461cad0b4a7f52021-12-22 11:46:05.943root 11241100x80000000000000003846472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e50cf968034da362021-12-22 11:46:05.943root 11241100x80000000000000003846473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2ad47099b7a84b2021-12-22 11:46:05.943root 11241100x80000000000000003846474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7275ae88388beca2021-12-22 11:46:05.943root 11241100x80000000000000003846475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1136d0ba26cb0002021-12-22 11:46:05.943root 11241100x80000000000000003846476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc2dfd54834c0a22021-12-22 11:46:05.943root 11241100x80000000000000003846477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e570c09225eb2b2021-12-22 11:46:05.944root 11241100x80000000000000003846478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6e0f4578d3960d2021-12-22 11:46:05.944root 11241100x80000000000000003846479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d664ff0ddada72152021-12-22 11:46:05.944root 11241100x80000000000000003846480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eddd8250ce8699a2021-12-22 11:46:05.944root 11241100x80000000000000003846481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a07ba82eac585142021-12-22 11:46:05.944root 11241100x80000000000000003846482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332a8a4e73ca0b182021-12-22 11:46:05.944root 11241100x80000000000000003846483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb7de3c8edaf7822021-12-22 11:46:05.945root 11241100x80000000000000003846484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707c2ac08b2137ca2021-12-22 11:46:05.945root 11241100x80000000000000003846485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3374bbf9c612281a2021-12-22 11:46:05.945root 11241100x80000000000000003846486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef348cc7b1c4af22021-12-22 11:46:05.945root 11241100x80000000000000003846487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2fb337b2d3931b2021-12-22 11:46:05.945root 11241100x80000000000000003846488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0605c36082657e62021-12-22 11:46:05.945root 11241100x80000000000000003846489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764b6de9c2c757ca2021-12-22 11:46:05.945root 23542300x80000000000000003846490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003846491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2847acb85458a1102021-12-22 11:46:06.443root 11241100x80000000000000003846492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b582c016fcb78d812021-12-22 11:46:06.443root 11241100x80000000000000003846493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cac5be4d62598d02021-12-22 11:46:06.443root 11241100x80000000000000003846494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1e4c18fc5f5bab2021-12-22 11:46:06.443root 11241100x80000000000000003846495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd504968ece90692021-12-22 11:46:06.444root 11241100x80000000000000003846496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dd8d6e3003ec3b2021-12-22 11:46:06.444root 11241100x80000000000000003846497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e285b0ab6233e32021-12-22 11:46:06.444root 11241100x80000000000000003846498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4c95d6056755542021-12-22 11:46:06.444root 11241100x80000000000000003846499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a08f7b66ffdb8d2021-12-22 11:46:06.444root 11241100x80000000000000003846500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6126f75c4e9841a22021-12-22 11:46:06.444root 11241100x80000000000000003846501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35334b823fe23b982021-12-22 11:46:06.444root 11241100x80000000000000003846502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941deac38e5ba21e2021-12-22 11:46:06.444root 11241100x80000000000000003846503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb806e3f3ae02f82021-12-22 11:46:06.444root 11241100x80000000000000003846504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fec80c7179fe17c2021-12-22 11:46:06.444root 11241100x80000000000000003846505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73c2dfe8e13dd7c2021-12-22 11:46:06.444root 11241100x80000000000000003846506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b2595b66dc604b2021-12-22 11:46:06.444root 11241100x80000000000000003846507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bcd1960127eb8a2021-12-22 11:46:06.444root 11241100x80000000000000003846508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678ec1377e0087c02021-12-22 11:46:06.445root 11241100x80000000000000003846509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b048e425621b0e2021-12-22 11:46:06.445root 11241100x80000000000000003846510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aace0b7b88e2a82e2021-12-22 11:46:06.445root 11241100x80000000000000003846511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c3b06e61758a2f2021-12-22 11:46:06.943root 11241100x80000000000000003846512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0d11dad2dc2c1a2021-12-22 11:46:06.943root 11241100x80000000000000003846513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac14239af25732a2021-12-22 11:46:06.943root 11241100x80000000000000003846514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1338e24ee2cdb5502021-12-22 11:46:06.944root 11241100x80000000000000003846515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53864f2bffe408d2021-12-22 11:46:06.944root 11241100x80000000000000003846516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d76292a6d12810c2021-12-22 11:46:06.944root 11241100x80000000000000003846517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9ee064ced894c82021-12-22 11:46:06.944root 11241100x80000000000000003846518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255f265367b869b2021-12-22 11:46:06.945root 11241100x80000000000000003846519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8006e469c3b002452021-12-22 11:46:06.945root 11241100x80000000000000003846520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849a4f8fa9a452692021-12-22 11:46:06.945root 11241100x80000000000000003846521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce08e876bb67c9f2021-12-22 11:46:06.945root 11241100x80000000000000003846522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320d5a5d18fdd6532021-12-22 11:46:06.945root 11241100x80000000000000003846523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226f306c6714fa912021-12-22 11:46:06.945root 11241100x80000000000000003846524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d03d9a4fe71b75a2021-12-22 11:46:06.946root 11241100x80000000000000003846525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d6b64708dfeec62021-12-22 11:46:06.946root 11241100x80000000000000003846526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d81547cf659c7762021-12-22 11:46:06.946root 11241100x80000000000000003846527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0cc23629bf045e2021-12-22 11:46:06.946root 11241100x80000000000000003846528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981544a715ad685a2021-12-22 11:46:06.946root 11241100x80000000000000003846529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030a17363af730ac2021-12-22 11:46:06.946root 11241100x80000000000000003846530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:06.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1575c83a38cd1c2021-12-22 11:46:06.946root 354300x80000000000000003846531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.217{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55426-false10.0.1.12-8000- 11241100x80000000000000003846532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b776d09413ea3c2021-12-22 11:46:07.217root 11241100x80000000000000003846533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d374ba989906d3b22021-12-22 11:46:07.218root 11241100x80000000000000003846534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b8aef2408b0b4f2021-12-22 11:46:07.218root 11241100x80000000000000003846535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b758e2f53b13b62021-12-22 11:46:07.218root 11241100x80000000000000003846536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6a5e6258a4dade2021-12-22 11:46:07.218root 11241100x80000000000000003846537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0704914fc5b7e0742021-12-22 11:46:07.218root 11241100x80000000000000003846538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29342565e6027faa2021-12-22 11:46:07.218root 11241100x80000000000000003846539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1eb19afd6530892021-12-22 11:46:07.218root 11241100x80000000000000003846540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cac2287637d6552021-12-22 11:46:07.218root 11241100x80000000000000003846541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad924684087a1bf2021-12-22 11:46:07.218root 11241100x80000000000000003846542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216119dfd9d7a9792021-12-22 11:46:07.218root 11241100x80000000000000003846543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4ae5d5f98776622021-12-22 11:46:07.218root 11241100x80000000000000003846544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb019df18cb9f42021-12-22 11:46:07.218root 11241100x80000000000000003846545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e46c2122f86d6d2021-12-22 11:46:07.218root 11241100x80000000000000003846546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd4588c84da93132021-12-22 11:46:07.218root 11241100x80000000000000003846547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8143e2e46037b1de2021-12-22 11:46:07.219root 11241100x80000000000000003846548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bc2ea5c10941732021-12-22 11:46:07.219root 11241100x80000000000000003846549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2147903e6a6c32112021-12-22 11:46:07.219root 11241100x80000000000000003846550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bcad8f5612ddc72021-12-22 11:46:07.219root 11241100x80000000000000003846551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3272252ecac14822021-12-22 11:46:07.219root 11241100x80000000000000003846552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edd7aec3528ae562021-12-22 11:46:07.219root 11241100x80000000000000003846553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3e8380dbf130a52021-12-22 11:46:07.219root 11241100x80000000000000003846554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d063c1f2b973deb72021-12-22 11:46:07.219root 11241100x80000000000000003846555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007584001ae1ff212021-12-22 11:46:07.219root 11241100x80000000000000003846556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfbdd7dab46abe92021-12-22 11:46:07.693root 11241100x80000000000000003846557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd11edc9c22cac12021-12-22 11:46:07.693root 11241100x80000000000000003846558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e3e7bccea4943e2021-12-22 11:46:07.693root 11241100x80000000000000003846559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60a899c47be29242021-12-22 11:46:07.693root 11241100x80000000000000003846560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b91f04b05007402021-12-22 11:46:07.694root 11241100x80000000000000003846561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d18d54c3ff10a12021-12-22 11:46:07.694root 11241100x80000000000000003846562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c033a3a4bf1636c2021-12-22 11:46:07.694root 11241100x80000000000000003846563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb1833bf73b8bdd2021-12-22 11:46:07.694root 11241100x80000000000000003846564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65fdfcf88bc69ed2021-12-22 11:46:07.694root 11241100x80000000000000003846565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bf3de385876c5d2021-12-22 11:46:07.694root 11241100x80000000000000003846566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef5de0fe1a70f592021-12-22 11:46:07.694root 11241100x80000000000000003846567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6c277d99956e102021-12-22 11:46:07.695root 11241100x80000000000000003846568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de8671bf5e154d52021-12-22 11:46:07.695root 11241100x80000000000000003846569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee88dd5727b129502021-12-22 11:46:07.695root 11241100x80000000000000003846570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa2063ec29ccda2021-12-22 11:46:07.695root 11241100x80000000000000003846571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eddddf090b23c612021-12-22 11:46:07.695root 11241100x80000000000000003846572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5f93057a49772c2021-12-22 11:46:07.695root 11241100x80000000000000003846573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61be079280396c82021-12-22 11:46:07.695root 11241100x80000000000000003846574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8c1b63a9b7d64b2021-12-22 11:46:07.695root 11241100x80000000000000003846575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bf1ab0ddd9848a2021-12-22 11:46:07.695root 11241100x80000000000000003846576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc3e526987237832021-12-22 11:46:07.696root 11241100x80000000000000003846577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8977b97913ef26652021-12-22 11:46:08.193root 11241100x80000000000000003846578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e893c0c8e75bd1f02021-12-22 11:46:08.193root 11241100x80000000000000003846579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a80254233051e412021-12-22 11:46:08.193root 11241100x80000000000000003846580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a879404b820d042021-12-22 11:46:08.193root 11241100x80000000000000003846581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d61441502a402dc2021-12-22 11:46:08.193root 11241100x80000000000000003846582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5067802d61ad896e2021-12-22 11:46:08.193root 11241100x80000000000000003846583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47e0e919c37213f2021-12-22 11:46:08.194root 11241100x80000000000000003846584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f651352166855022021-12-22 11:46:08.194root 11241100x80000000000000003846585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6360b1e3e413f052021-12-22 11:46:08.194root 11241100x80000000000000003846586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f339fe3b20ca0132021-12-22 11:46:08.194root 11241100x80000000000000003846587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfc76fe67329c192021-12-22 11:46:08.194root 11241100x80000000000000003846588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20dc78cd19338ee2021-12-22 11:46:08.194root 11241100x80000000000000003846589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bbcfdbf5f81ef92021-12-22 11:46:08.194root 11241100x80000000000000003846590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c6781474665d162021-12-22 11:46:08.194root 11241100x80000000000000003846591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a8dfe02968e7aa2021-12-22 11:46:08.194root 11241100x80000000000000003846592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f19e9e926664d22021-12-22 11:46:08.194root 11241100x80000000000000003846593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071b6c984f3e4e72021-12-22 11:46:08.195root 11241100x80000000000000003846594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c2d24932907ed42021-12-22 11:46:08.195root 11241100x80000000000000003846595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb693f40968e2f42021-12-22 11:46:08.195root 11241100x80000000000000003846596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dc135fd29316612021-12-22 11:46:08.195root 11241100x80000000000000003846597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28261e02946ac11c2021-12-22 11:46:08.195root 11241100x80000000000000003846598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6520ad0bbc549aa2021-12-22 11:46:08.693root 11241100x80000000000000003846599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b2f01ab125db1f2021-12-22 11:46:08.693root 11241100x80000000000000003846600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7fb9e707bcf1972021-12-22 11:46:08.693root 11241100x80000000000000003846601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1022dbf7960c911f2021-12-22 11:46:08.694root 11241100x80000000000000003846602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8da40c6b9959ba2021-12-22 11:46:08.694root 11241100x80000000000000003846603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0fabb97c9cdc952021-12-22 11:46:08.694root 11241100x80000000000000003846604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507d7b3a36c6dc9d2021-12-22 11:46:08.694root 11241100x80000000000000003846605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea2dc6222cd3cdc2021-12-22 11:46:08.694root 11241100x80000000000000003846606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3d5d57c759d6362021-12-22 11:46:08.694root 11241100x80000000000000003846607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce98cfdb5760a8062021-12-22 11:46:08.694root 11241100x80000000000000003846608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6226bbc4ea90f5c2021-12-22 11:46:08.694root 11241100x80000000000000003846609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d30f184b6548dc2021-12-22 11:46:08.694root 11241100x80000000000000003846610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86b4b4d42cc8d8a2021-12-22 11:46:08.694root 11241100x80000000000000003846611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2add461082434f2021-12-22 11:46:08.694root 11241100x80000000000000003846612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cd1f3cb062cc882021-12-22 11:46:08.694root 11241100x80000000000000003846613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a54f976a3ca3242021-12-22 11:46:08.694root 11241100x80000000000000003846614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25afc9145d9468c2021-12-22 11:46:08.694root 11241100x80000000000000003846615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c7ba512eb2f65d2021-12-22 11:46:08.694root 11241100x80000000000000003846616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a94d42a2278ae0f2021-12-22 11:46:08.695root 11241100x80000000000000003846617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056ef34611f028762021-12-22 11:46:08.695root 11241100x80000000000000003846618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5ad67eea7bdc72021-12-22 11:46:08.695root 11241100x80000000000000003846619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68667077bc77e62f2021-12-22 11:46:09.193root 11241100x80000000000000003846620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ead6f418af665df2021-12-22 11:46:09.194root 11241100x80000000000000003846621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a300994e232885042021-12-22 11:46:09.194root 11241100x80000000000000003846622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42da4b83ef143fce2021-12-22 11:46:09.194root 11241100x80000000000000003846623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee9390447fff4c2021-12-22 11:46:09.194root 11241100x80000000000000003846624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45703b67d639fbf02021-12-22 11:46:09.194root 11241100x80000000000000003846625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d421b299c50001a2021-12-22 11:46:09.195root 11241100x80000000000000003846626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a038ac0c4fd3bd5e2021-12-22 11:46:09.195root 11241100x80000000000000003846627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ab86b0af203b4d2021-12-22 11:46:09.195root 11241100x80000000000000003846628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7358f4ace81bdc2021-12-22 11:46:09.195root 11241100x80000000000000003846629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c067580c2004aae2021-12-22 11:46:09.195root 11241100x80000000000000003846630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d090dfca082de42021-12-22 11:46:09.195root 11241100x80000000000000003846631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73112f6a3353809f2021-12-22 11:46:09.195root 11241100x80000000000000003846632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4364adbfce40cc9b2021-12-22 11:46:09.195root 11241100x80000000000000003846633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf9fde4e33756d82021-12-22 11:46:09.195root 11241100x80000000000000003846634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a7db7a37055ded2021-12-22 11:46:09.195root 11241100x80000000000000003846635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88fb9cac96cff412021-12-22 11:46:09.195root 11241100x80000000000000003846636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b6268c34830f512021-12-22 11:46:09.196root 11241100x80000000000000003846637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d88e16a1664118a2021-12-22 11:46:09.196root 11241100x80000000000000003846638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6c4f156659c9ba2021-12-22 11:46:09.196root 11241100x80000000000000003846639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bd7e0551f993442021-12-22 11:46:09.196root 11241100x80000000000000003846640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24123f0ada6883752021-12-22 11:46:09.693root 11241100x80000000000000003846641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfdcaa6e33d66cf2021-12-22 11:46:09.693root 11241100x80000000000000003846642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb63c99264664bd2021-12-22 11:46:09.693root 11241100x80000000000000003846643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6ffed55d2e54862021-12-22 11:46:09.693root 11241100x80000000000000003846644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3dd651d2bc535e2021-12-22 11:46:09.694root 11241100x80000000000000003846645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511d9a0fa4bc06542021-12-22 11:46:09.694root 11241100x80000000000000003846646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6450c0a32ac20292021-12-22 11:46:09.694root 11241100x80000000000000003846647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8733790e007a612021-12-22 11:46:09.694root 11241100x80000000000000003846648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592c2acdd7148cf52021-12-22 11:46:09.694root 11241100x80000000000000003846649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a014b58c1db1a0fa2021-12-22 11:46:09.694root 11241100x80000000000000003846650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09df72837d0c47bf2021-12-22 11:46:09.694root 11241100x80000000000000003846651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc26afc054998f12021-12-22 11:46:09.694root 11241100x80000000000000003846652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da42e316aa4da5f72021-12-22 11:46:09.695root 11241100x80000000000000003846653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53159f15d190a6ac2021-12-22 11:46:09.695root 11241100x80000000000000003846654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f551353e75c71c32021-12-22 11:46:09.695root 11241100x80000000000000003846655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01fc7e92cb11dfe2021-12-22 11:46:09.695root 11241100x80000000000000003846656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c562b030013a402021-12-22 11:46:09.695root 11241100x80000000000000003846657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0b7f48d770dd982021-12-22 11:46:09.695root 11241100x80000000000000003846658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1829839a545d122021-12-22 11:46:09.696root 11241100x80000000000000003846659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b16196f3e0602b2021-12-22 11:46:09.696root 11241100x80000000000000003846660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504da9c5462cd1aa2021-12-22 11:46:09.696root 11241100x80000000000000003846661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751cc63e79280f102021-12-22 11:46:10.193root 11241100x80000000000000003846662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaebce0c2b8f2e52021-12-22 11:46:10.193root 11241100x80000000000000003846663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1630c1d1be383adf2021-12-22 11:46:10.194root 11241100x80000000000000003846664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79a06e33da209962021-12-22 11:46:10.194root 11241100x80000000000000003846665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d6271fe9adf0e32021-12-22 11:46:10.194root 11241100x80000000000000003846666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a5c1ea0ae05ee52021-12-22 11:46:10.194root 11241100x80000000000000003846667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e061fa1a06e8ced2021-12-22 11:46:10.194root 11241100x80000000000000003846668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c274d320b2fc802021-12-22 11:46:10.194root 11241100x80000000000000003846669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6846311c57f748822021-12-22 11:46:10.194root 11241100x80000000000000003846670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd96a2a6caa0311f2021-12-22 11:46:10.194root 11241100x80000000000000003846671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3480b0fee28bf02021-12-22 11:46:10.194root 11241100x80000000000000003846672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42ec1b1dbc7fb312021-12-22 11:46:10.194root 11241100x80000000000000003846673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c48bf2813214982021-12-22 11:46:10.194root 11241100x80000000000000003846674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4b4dd5fb23d3932021-12-22 11:46:10.194root 11241100x80000000000000003846675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404687a80df70fb22021-12-22 11:46:10.194root 11241100x80000000000000003846676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcfcd7eecb246c82021-12-22 11:46:10.194root 11241100x80000000000000003846677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c4dc79344b5c622021-12-22 11:46:10.194root 11241100x80000000000000003846678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc73a959530b65c2021-12-22 11:46:10.194root 11241100x80000000000000003846679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6722c90965b232982021-12-22 11:46:10.195root 11241100x80000000000000003846680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf00045f853b8a2021-12-22 11:46:10.195root 11241100x80000000000000003846681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb273d98c02a53ad2021-12-22 11:46:10.195root 11241100x80000000000000003846682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2e1a9f58615222021-12-22 11:46:10.693root 11241100x80000000000000003846683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3674a2d3589a2acd2021-12-22 11:46:10.693root 11241100x80000000000000003846684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cf8b80b25ebbe72021-12-22 11:46:10.693root 11241100x80000000000000003846685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f569bc3b77f3932c2021-12-22 11:46:10.693root 11241100x80000000000000003846686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd2a689bf4e60952021-12-22 11:46:10.694root 11241100x80000000000000003846687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3d3227e34a8ca42021-12-22 11:46:10.694root 11241100x80000000000000003846688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b82705b4cc8ad22021-12-22 11:46:10.694root 11241100x80000000000000003846689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60033b81985a6cb2021-12-22 11:46:10.694root 11241100x80000000000000003846690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6839cbeee155e7a2021-12-22 11:46:10.694root 11241100x80000000000000003846691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69219e349e0019982021-12-22 11:46:10.694root 11241100x80000000000000003846692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427c3badf88e62672021-12-22 11:46:10.694root 11241100x80000000000000003846693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09f8b1fa22f5b262021-12-22 11:46:10.694root 11241100x80000000000000003846694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cb821758f3f7f42021-12-22 11:46:10.694root 11241100x80000000000000003846695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44272d76e27ecaf2021-12-22 11:46:10.694root 11241100x80000000000000003846696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3451a5f3ff9fc45c2021-12-22 11:46:10.694root 11241100x80000000000000003846697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55ae38094c01c122021-12-22 11:46:10.694root 11241100x80000000000000003846698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6368771dbdcfe72021-12-22 11:46:10.694root 11241100x80000000000000003846699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cebae1814b35fef2021-12-22 11:46:10.695root 11241100x80000000000000003846700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681981684bc1575a2021-12-22 11:46:10.695root 11241100x80000000000000003846701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e817b508147eb6942021-12-22 11:46:10.695root 11241100x80000000000000003846702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d48d1fc561ef582021-12-22 11:46:10.695root 11241100x80000000000000003846703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfccfe8ed5c07ce2021-12-22 11:46:11.193root 11241100x80000000000000003846704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e26c1dd9fd026e62021-12-22 11:46:11.193root 11241100x80000000000000003846705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a40d6f9af9fb2202021-12-22 11:46:11.193root 11241100x80000000000000003846706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daac22e0bfcb31732021-12-22 11:46:11.193root 11241100x80000000000000003846707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cc430c1beea7392021-12-22 11:46:11.193root 11241100x80000000000000003846708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7821660fbf9d2392021-12-22 11:46:11.193root 11241100x80000000000000003846709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfab1d975a5e51c2021-12-22 11:46:11.194root 11241100x80000000000000003846710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc0a42c86408c9d2021-12-22 11:46:11.194root 11241100x80000000000000003846711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a07e61533786622021-12-22 11:46:11.194root 11241100x80000000000000003846712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b95cd66124b6e32021-12-22 11:46:11.195root 11241100x80000000000000003846713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a329d06629fba9902021-12-22 11:46:11.195root 11241100x80000000000000003846714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab95bb1c86e21e42021-12-22 11:46:11.195root 11241100x80000000000000003846715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc3c319ab0124a92021-12-22 11:46:11.196root 11241100x80000000000000003846716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d52a60591ce2e752021-12-22 11:46:11.196root 11241100x80000000000000003846717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b4934a739be0052021-12-22 11:46:11.196root 11241100x80000000000000003846718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd490e9bd1ec0d72021-12-22 11:46:11.197root 11241100x80000000000000003846719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111986f3f67552a52021-12-22 11:46:11.197root 11241100x80000000000000003846720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b81d2d6cf17a6732021-12-22 11:46:11.197root 11241100x80000000000000003846721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ace91ceacbbfae32021-12-22 11:46:11.197root 11241100x80000000000000003846722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe2cd8ee91efdc92021-12-22 11:46:11.198root 11241100x80000000000000003846723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05baa5ea37b146df2021-12-22 11:46:11.198root 11241100x80000000000000003846724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31a3cb1f16225ed2021-12-22 11:46:11.692root 11241100x80000000000000003846725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2a88473e1c914e2021-12-22 11:46:11.693root 11241100x80000000000000003846726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696bd10b5f6825442021-12-22 11:46:11.693root 11241100x80000000000000003846727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d71b1997bb52bb2021-12-22 11:46:11.693root 11241100x80000000000000003846728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4e5f85fd0821982021-12-22 11:46:11.693root 11241100x80000000000000003846729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504e7ef0e06b963f2021-12-22 11:46:11.694root 11241100x80000000000000003846730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7383da0a4def5e562021-12-22 11:46:11.694root 11241100x80000000000000003846731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21270576b7e912212021-12-22 11:46:11.694root 11241100x80000000000000003846732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991536029f93e16e2021-12-22 11:46:11.694root 11241100x80000000000000003846733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc9bf204a277e632021-12-22 11:46:11.694root 11241100x80000000000000003846734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357501dc52ce2bfa2021-12-22 11:46:11.695root 11241100x80000000000000003846735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe2c534e039087d2021-12-22 11:46:11.695root 11241100x80000000000000003846736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138a2593fd281ef22021-12-22 11:46:11.695root 11241100x80000000000000003846737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c107f15c4958a2df2021-12-22 11:46:11.695root 11241100x80000000000000003846738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d6cf1bcde686c82021-12-22 11:46:11.695root 11241100x80000000000000003846739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d96b18ea5b8362021-12-22 11:46:11.696root 11241100x80000000000000003846740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3f9fbcec9f952e2021-12-22 11:46:11.696root 11241100x80000000000000003846741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f8996faeb5afd42021-12-22 11:46:11.696root 11241100x80000000000000003846742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd9853fc2b9ad782021-12-22 11:46:11.696root 11241100x80000000000000003846743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7165b56c861d86e2021-12-22 11:46:11.696root 11241100x80000000000000003846744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4356f60b0961b122021-12-22 11:46:11.696root 11241100x80000000000000003846745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9c873892e696532021-12-22 11:46:11.696root 11241100x80000000000000003846746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb8dd882264eb382021-12-22 11:46:11.696root 11241100x80000000000000003846747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66835b363998b6f02021-12-22 11:46:12.192root 11241100x80000000000000003846748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6f73631d6f07472021-12-22 11:46:12.193root 11241100x80000000000000003846749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219146526de90cef2021-12-22 11:46:12.193root 11241100x80000000000000003846750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1a364b28bb2a052021-12-22 11:46:12.193root 11241100x80000000000000003846751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244265ac466c54d82021-12-22 11:46:12.194root 11241100x80000000000000003846752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbd41565ab990b42021-12-22 11:46:12.194root 11241100x80000000000000003846753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4785a27f7af220722021-12-22 11:46:12.194root 11241100x80000000000000003846754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00eb059ef9c5bef2021-12-22 11:46:12.194root 11241100x80000000000000003846755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef598c27bafcbf272021-12-22 11:46:12.194root 11241100x80000000000000003846756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10f427baf0043d72021-12-22 11:46:12.195root 11241100x80000000000000003846757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85735e44496555a72021-12-22 11:46:12.195root 11241100x80000000000000003846758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b46041dee77b5312021-12-22 11:46:12.195root 11241100x80000000000000003846759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f804b07cb30c846f2021-12-22 11:46:12.196root 11241100x80000000000000003846760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64a6eaa1332d53c2021-12-22 11:46:12.196root 11241100x80000000000000003846761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0be328017f53212021-12-22 11:46:12.196root 11241100x80000000000000003846762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fcb0871ad36a712021-12-22 11:46:12.196root 11241100x80000000000000003846763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eab8b8d1a7e39032021-12-22 11:46:12.197root 11241100x80000000000000003846764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3838f0c3aaaa72132021-12-22 11:46:12.197root 11241100x80000000000000003846765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f1638ffb0789a2021-12-22 11:46:12.197root 11241100x80000000000000003846766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b99952f43b23582021-12-22 11:46:12.197root 11241100x80000000000000003846767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c5483ca3351c2a2021-12-22 11:46:12.197root 11241100x80000000000000003846768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e0a14ccab7e2b02021-12-22 11:46:12.197root 11241100x80000000000000003846769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf17fecf5019b0d2021-12-22 11:46:12.198root 354300x80000000000000003846770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.248{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55428-false10.0.1.12-8000- 11241100x80000000000000003846771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a6b7b308704b782021-12-22 11:46:12.692root 11241100x80000000000000003846772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f3a2a73c3b692e2021-12-22 11:46:12.693root 11241100x80000000000000003846773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c228b80383e14ea02021-12-22 11:46:12.694root 11241100x80000000000000003846774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca5ba73113bd50a2021-12-22 11:46:12.694root 11241100x80000000000000003846775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dcc7fbad039be62021-12-22 11:46:12.694root 11241100x80000000000000003846776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742dd534a2b7afd2021-12-22 11:46:12.694root 11241100x80000000000000003846777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ac36da8fdf05612021-12-22 11:46:12.694root 11241100x80000000000000003846778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a583d90927c6642021-12-22 11:46:12.694root 11241100x80000000000000003846779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3224ad7c33b8616e2021-12-22 11:46:12.694root 11241100x80000000000000003846780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c669aec48ad7cc002021-12-22 11:46:12.695root 11241100x80000000000000003846781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eeab175b13843c92021-12-22 11:46:12.695root 11241100x80000000000000003846782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1d0993f0b4a7a32021-12-22 11:46:12.695root 11241100x80000000000000003846783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9cf7905d8f4de72021-12-22 11:46:12.695root 11241100x80000000000000003846784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc780db8f413c51e2021-12-22 11:46:12.695root 11241100x80000000000000003846785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799dc63871f3e1ef2021-12-22 11:46:12.695root 11241100x80000000000000003846786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ff942a219029692021-12-22 11:46:12.696root 11241100x80000000000000003846787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4697a89896f57d942021-12-22 11:46:12.696root 11241100x80000000000000003846788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05f58655acd1b8b2021-12-22 11:46:12.696root 11241100x80000000000000003846789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef4cfbda395b4432021-12-22 11:46:12.696root 11241100x80000000000000003846790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4483f18b3a987acb2021-12-22 11:46:12.696root 11241100x80000000000000003846791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669f1aec467582522021-12-22 11:46:12.696root 11241100x80000000000000003846792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41971fe294dd8872021-12-22 11:46:12.697root 11241100x80000000000000003846793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0b23b96965d4f32021-12-22 11:46:12.697root 11241100x80000000000000003846794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e22318aa3dcedc2021-12-22 11:46:12.697root 11241100x80000000000000003846795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2084761480c075cc2021-12-22 11:46:12.697root 11241100x80000000000000003846796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919ac801382961ff2021-12-22 11:46:12.697root 11241100x80000000000000003846797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa5844f04e4588f2021-12-22 11:46:12.697root 11241100x80000000000000003846798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1be388e2cc57c082021-12-22 11:46:12.698root 11241100x80000000000000003846799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95dc795306b82212021-12-22 11:46:12.698root 11241100x80000000000000003846800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1690e0f5b49ea1a2021-12-22 11:46:13.193root 11241100x80000000000000003846801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0417dee88121e672021-12-22 11:46:13.193root 11241100x80000000000000003846802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822f57f5e3bc94312021-12-22 11:46:13.193root 11241100x80000000000000003846803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f954cf5f96901852021-12-22 11:46:13.193root 11241100x80000000000000003846804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cd47a6991accbe2021-12-22 11:46:13.193root 11241100x80000000000000003846805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e76649144f0c3892021-12-22 11:46:13.193root 11241100x80000000000000003846806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582dfab3fca49f22021-12-22 11:46:13.194root 11241100x80000000000000003846807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8d772da565ed442021-12-22 11:46:13.194root 11241100x80000000000000003846808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d139ff06a7e1e7e2021-12-22 11:46:13.194root 11241100x80000000000000003846809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89ab16debd50f852021-12-22 11:46:13.194root 11241100x80000000000000003846810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec35d48912d5799a2021-12-22 11:46:13.194root 11241100x80000000000000003846811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e6e56e22da5b572021-12-22 11:46:13.194root 11241100x80000000000000003846812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1b96f640475e0c2021-12-22 11:46:13.195root 11241100x80000000000000003846813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da917a9dd4c5883d2021-12-22 11:46:13.195root 11241100x80000000000000003846814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb90c35f1ffbc492021-12-22 11:46:13.195root 11241100x80000000000000003846815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d73e1a34ce298882021-12-22 11:46:13.195root 11241100x80000000000000003846816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aa40117899c2602021-12-22 11:46:13.196root 11241100x80000000000000003846817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f33cd659bcba16c2021-12-22 11:46:13.196root 11241100x80000000000000003846818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55eb65788cc4d9202021-12-22 11:46:13.196root 11241100x80000000000000003846819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db859630a8842202021-12-22 11:46:13.197root 11241100x80000000000000003846820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f0119e4e41b3282021-12-22 11:46:13.197root 11241100x80000000000000003846821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbefa4cff42ded32021-12-22 11:46:13.197root 11241100x80000000000000003846822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc4f66a50155112021-12-22 11:46:13.197root 11241100x80000000000000003846823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdb50f35d2091042021-12-22 11:46:13.693root 11241100x80000000000000003846824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194209e25250ff8c2021-12-22 11:46:13.693root 11241100x80000000000000003846825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad5170b29d4e35f2021-12-22 11:46:13.694root 11241100x80000000000000003846826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b04d7e15fe805042021-12-22 11:46:13.694root 11241100x80000000000000003846827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176191480f4996862021-12-22 11:46:13.694root 11241100x80000000000000003846828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd3a7bc71e79fe32021-12-22 11:46:13.694root 11241100x80000000000000003846829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e478542de742272021-12-22 11:46:13.694root 11241100x80000000000000003846830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d238e98694933edf2021-12-22 11:46:13.694root 11241100x80000000000000003846831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665bb606ab4e7c32021-12-22 11:46:13.694root 11241100x80000000000000003846832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709ccdcd2b1cb59c2021-12-22 11:46:13.695root 11241100x80000000000000003846833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aad80ade6601d892021-12-22 11:46:13.695root 11241100x80000000000000003846834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ac639feb5d1add2021-12-22 11:46:13.695root 11241100x80000000000000003846835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad4df416a93fd762021-12-22 11:46:13.695root 11241100x80000000000000003846836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a544a33c8d101a2021-12-22 11:46:13.695root 11241100x80000000000000003846837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a8a61fe220ac9e2021-12-22 11:46:13.695root 11241100x80000000000000003846838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317de89595aa5a432021-12-22 11:46:13.695root 11241100x80000000000000003846839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177c783e52b64cb92021-12-22 11:46:13.695root 11241100x80000000000000003846840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c577bcb62f690d2021-12-22 11:46:13.695root 11241100x80000000000000003846841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d19444ffccd2322021-12-22 11:46:13.695root 11241100x80000000000000003846842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213fdd710388cd7d2021-12-22 11:46:13.695root 11241100x80000000000000003846843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa90be3d7fb6f83e2021-12-22 11:46:13.696root 11241100x80000000000000003846844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f5b1c701abaeaf2021-12-22 11:46:13.696root 11241100x80000000000000003846845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e1c5ecad6f513e2021-12-22 11:46:14.193root 11241100x80000000000000003846846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff3e54c11c73f02021-12-22 11:46:14.193root 11241100x80000000000000003846847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b06ddfb2444ca62021-12-22 11:46:14.193root 11241100x80000000000000003846848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff633842df7131a32021-12-22 11:46:14.194root 11241100x80000000000000003846849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4924debb12970f022021-12-22 11:46:14.194root 11241100x80000000000000003846850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f319993ee40abf2021-12-22 11:46:14.194root 11241100x80000000000000003846851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8314b72c4aae81002021-12-22 11:46:14.194root 11241100x80000000000000003846852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19cdd356d855b16f2021-12-22 11:46:14.194root 11241100x80000000000000003846853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97952ba65ef5a4dd2021-12-22 11:46:14.194root 11241100x80000000000000003846854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c23c1689e0989f2021-12-22 11:46:14.194root 11241100x80000000000000003846855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2974fdafa4a4e1452021-12-22 11:46:14.194root 11241100x80000000000000003846856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d96f63460834be2021-12-22 11:46:14.194root 11241100x80000000000000003846857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db08a13421b127af2021-12-22 11:46:14.194root 11241100x80000000000000003846858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc6cc3c094096f52021-12-22 11:46:14.195root 11241100x80000000000000003846859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11afdd8d6369ad62021-12-22 11:46:14.195root 11241100x80000000000000003846860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10203aee5539497f2021-12-22 11:46:14.195root 11241100x80000000000000003846861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfaa41b6196ae912021-12-22 11:46:14.195root 11241100x80000000000000003846862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3287d5c551ad942021-12-22 11:46:14.195root 11241100x80000000000000003846863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848105649c2ea93c2021-12-22 11:46:14.196root 11241100x80000000000000003846864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca17f3c8458d722021-12-22 11:46:14.196root 11241100x80000000000000003846865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682098d69f9613df2021-12-22 11:46:14.196root 11241100x80000000000000003846866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f39c5cd1dfbe912021-12-22 11:46:14.196root 11241100x80000000000000003846867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a48e7266e5851ea2021-12-22 11:46:14.693root 11241100x80000000000000003846868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8c4664fa7a8e5a2021-12-22 11:46:14.693root 11241100x80000000000000003846869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32f9673103396192021-12-22 11:46:14.693root 11241100x80000000000000003846870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eef55b27adda0ab2021-12-22 11:46:14.694root 11241100x80000000000000003846871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a6c2061ef95deb2021-12-22 11:46:14.694root 11241100x80000000000000003846872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378023c402ac9962021-12-22 11:46:14.694root 11241100x80000000000000003846873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bdcff23da6f3652021-12-22 11:46:14.694root 11241100x80000000000000003846874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de72c1d2dfdc46b2021-12-22 11:46:14.694root 11241100x80000000000000003846875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd4c426dc08d5a92021-12-22 11:46:14.694root 11241100x80000000000000003846876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dab9a2b898ebd82021-12-22 11:46:14.694root 11241100x80000000000000003846877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eec830f8225c20b2021-12-22 11:46:14.694root 11241100x80000000000000003846878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26af5d3625ef10732021-12-22 11:46:14.694root 11241100x80000000000000003846879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64af48be2d5a793d2021-12-22 11:46:14.694root 11241100x80000000000000003846880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3852cb7a01447422021-12-22 11:46:14.695root 11241100x80000000000000003846881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a665bd561c8d740c2021-12-22 11:46:14.695root 11241100x80000000000000003846882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f703c7f5031b28042021-12-22 11:46:14.695root 11241100x80000000000000003846883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa830f503273e272021-12-22 11:46:14.695root 11241100x80000000000000003846884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dabd6f61185f6d2021-12-22 11:46:14.695root 11241100x80000000000000003846885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80cf6f29da1b8ce2021-12-22 11:46:14.695root 11241100x80000000000000003846886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3e1dd9c4efa6e02021-12-22 11:46:14.695root 11241100x80000000000000003846887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea92ba04cda47642021-12-22 11:46:14.695root 11241100x80000000000000003846888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2736d02b1f5296132021-12-22 11:46:14.695root 11241100x80000000000000003846889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73c3b85574670722021-12-22 11:46:15.193root 11241100x80000000000000003846890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a0a1ec5a6dcd322021-12-22 11:46:15.193root 11241100x80000000000000003846891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ead13b141d8fe12021-12-22 11:46:15.193root 11241100x80000000000000003846892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942b93d06814a8602021-12-22 11:46:15.193root 11241100x80000000000000003846893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc386c5b8346c292021-12-22 11:46:15.193root 11241100x80000000000000003846894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e8d5fd50ca9772021-12-22 11:46:15.194root 11241100x80000000000000003846895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1fd11d90853a32021-12-22 11:46:15.194root 11241100x80000000000000003846896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a84d9c13d49571532021-12-22 11:46:15.194root 11241100x80000000000000003846897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99dbc5eac66db9b2021-12-22 11:46:15.194root 11241100x80000000000000003846898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5316108ca5fb6c432021-12-22 11:46:15.194root 11241100x80000000000000003846899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcd656b94ce86ad2021-12-22 11:46:15.195root 11241100x80000000000000003846900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0d559af36de9772021-12-22 11:46:15.195root 11241100x80000000000000003846901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513a87cd548630862021-12-22 11:46:15.195root 11241100x80000000000000003846902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bebf4269971beb2021-12-22 11:46:15.195root 11241100x80000000000000003846903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a3f996f9cea0fc2021-12-22 11:46:15.196root 11241100x80000000000000003846904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f73222b6e31750c2021-12-22 11:46:15.196root 11241100x80000000000000003846905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2201ec9f60300ba2021-12-22 11:46:15.196root 11241100x80000000000000003846906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b57029f6c24f162021-12-22 11:46:15.196root 11241100x80000000000000003846907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2e3dd59a4472482021-12-22 11:46:15.197root 11241100x80000000000000003846908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fc9e18b09b2eb72021-12-22 11:46:15.197root 11241100x80000000000000003846909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25359e0e19e72b0c2021-12-22 11:46:15.197root 11241100x80000000000000003846910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749c04c7b8cdbc822021-12-22 11:46:15.197root 11241100x80000000000000003846911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2c1305dbf1c0e42021-12-22 11:46:15.693root 11241100x80000000000000003846912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a440495b27dfb762021-12-22 11:46:15.694root 11241100x80000000000000003846913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d28752f9d845ceb2021-12-22 11:46:15.694root 11241100x80000000000000003846914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48a48217e1f73ed2021-12-22 11:46:15.694root 11241100x80000000000000003846915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce4c9b5bac633d52021-12-22 11:46:15.694root 11241100x80000000000000003846916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8452a6ff5b330212021-12-22 11:46:15.694root 11241100x80000000000000003846917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7102f1c7a2f5d5602021-12-22 11:46:15.694root 11241100x80000000000000003846918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5ebab701d749652021-12-22 11:46:15.694root 11241100x80000000000000003846919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a049551541310b312021-12-22 11:46:15.694root 11241100x80000000000000003846920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eb4cbb9b3b38a72021-12-22 11:46:15.694root 11241100x80000000000000003846921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047486ed04dfb3ac2021-12-22 11:46:15.695root 11241100x80000000000000003846922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d165cdb7e9a5f52021-12-22 11:46:15.695root 11241100x80000000000000003846923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabfa4b94a3fa3ed2021-12-22 11:46:15.695root 11241100x80000000000000003846924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6a3ad19ebf1e1f2021-12-22 11:46:15.695root 11241100x80000000000000003846925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beb81691f25292c2021-12-22 11:46:15.695root 11241100x80000000000000003846926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73e029e722069a02021-12-22 11:46:15.695root 11241100x80000000000000003846927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce65035e323a8452021-12-22 11:46:15.695root 11241100x80000000000000003846928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9152d316ae43f6cd2021-12-22 11:46:15.695root 11241100x80000000000000003846929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf64a18b2c9d39d32021-12-22 11:46:15.695root 11241100x80000000000000003846930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8bf9b643ac47912021-12-22 11:46:15.695root 11241100x80000000000000003846931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644919b3d3b7a212021-12-22 11:46:15.696root 11241100x80000000000000003846932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:15.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d8df75b35d65f12021-12-22 11:46:15.696root 11241100x80000000000000003846933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5b3ab08239ef82021-12-22 11:46:16.193root 11241100x80000000000000003846934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659e15c76c2becf92021-12-22 11:46:16.193root 11241100x80000000000000003846935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a93ae4e4fabcf9d2021-12-22 11:46:16.193root 11241100x80000000000000003846936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0969c3baff9313922021-12-22 11:46:16.194root 11241100x80000000000000003846937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9eeab6f9a29a2132021-12-22 11:46:16.194root 11241100x80000000000000003846938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011fa7c6745554052021-12-22 11:46:16.194root 11241100x80000000000000003846939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45523eebad776e682021-12-22 11:46:16.194root 11241100x80000000000000003846940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b8c5405efd78272021-12-22 11:46:16.194root 11241100x80000000000000003846941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761a4279b2db61cc2021-12-22 11:46:16.194root 11241100x80000000000000003846942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b313e6f5cc99a12021-12-22 11:46:16.194root 11241100x80000000000000003846943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda7a40d223635a82021-12-22 11:46:16.194root 11241100x80000000000000003846944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a43d55f21ce06e42021-12-22 11:46:16.194root 11241100x80000000000000003846945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462afeaf44fbebe92021-12-22 11:46:16.195root 11241100x80000000000000003846946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd2638e96013202021-12-22 11:46:16.195root 11241100x80000000000000003846947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27af76cc84945f3c2021-12-22 11:46:16.195root 11241100x80000000000000003846948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f82e367bdbe0502021-12-22 11:46:16.195root 11241100x80000000000000003846949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e582ab057051b3e2021-12-22 11:46:16.195root 11241100x80000000000000003846950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f873290149f41e22021-12-22 11:46:16.195root 11241100x80000000000000003846951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b983f1fe4495f82021-12-22 11:46:16.195root 11241100x80000000000000003846952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeec7ac6877c53f42021-12-22 11:46:16.195root 11241100x80000000000000003846953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11524dbc3fc04de2021-12-22 11:46:16.195root 11241100x80000000000000003846954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1eaaeb3eade6ae2021-12-22 11:46:16.196root 11241100x80000000000000003846955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b583f0bfb55fe462021-12-22 11:46:16.692root 11241100x80000000000000003846956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f9193f0babf772021-12-22 11:46:16.693root 11241100x80000000000000003846957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6980c382f65f37c82021-12-22 11:46:16.693root 11241100x80000000000000003846958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa70a15ef7df3822021-12-22 11:46:16.693root 11241100x80000000000000003846959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fe2cd838bc08ca2021-12-22 11:46:16.693root 11241100x80000000000000003846960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a439f51e61b4f32021-12-22 11:46:16.694root 11241100x80000000000000003846961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdddb42cb967c1712021-12-22 11:46:16.694root 11241100x80000000000000003846962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ba346bea1c34292021-12-22 11:46:16.694root 11241100x80000000000000003846963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d55f6b397eb6be72021-12-22 11:46:16.695root 11241100x80000000000000003846964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c0a5cd720ef66e2021-12-22 11:46:16.695root 11241100x80000000000000003846965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2c23649eb35f952021-12-22 11:46:16.695root 11241100x80000000000000003846966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8653601f2fdc5b4a2021-12-22 11:46:16.695root 11241100x80000000000000003846967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e9048cb51e4a762021-12-22 11:46:16.695root 11241100x80000000000000003846968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d525d62dbb739b2021-12-22 11:46:16.695root 11241100x80000000000000003846969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ec5aa9474e96f32021-12-22 11:46:16.696root 11241100x80000000000000003846970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc723a8276b850532021-12-22 11:46:16.696root 11241100x80000000000000003846971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4832547237db26fe2021-12-22 11:46:16.697root 11241100x80000000000000003846972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941c5539a1a672d02021-12-22 11:46:16.697root 11241100x80000000000000003846973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a39346d33f5b3b2021-12-22 11:46:16.698root 11241100x80000000000000003846974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee62b5fcf11922942021-12-22 11:46:16.698root 11241100x80000000000000003846975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e28da5ccfa9e2c2021-12-22 11:46:16.698root 11241100x80000000000000003846976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb117755eb68e3a2021-12-22 11:46:16.698root 11241100x80000000000000003846977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23169a7ebd815ff32021-12-22 11:46:16.699root 11241100x80000000000000003846978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:16.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8195bfa83673940d2021-12-22 11:46:16.701root 11241100x80000000000000003846979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e9b0c2c248aa332021-12-22 11:46:17.193root 11241100x80000000000000003846980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bfa02ebca511202021-12-22 11:46:17.193root 11241100x80000000000000003846981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af391e69b4df88d22021-12-22 11:46:17.193root 11241100x80000000000000003846982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7722e7bfd77e0f622021-12-22 11:46:17.193root 11241100x80000000000000003846983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6fd93b1f7512dc2021-12-22 11:46:17.193root 11241100x80000000000000003846984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00edc9d2c4984d302021-12-22 11:46:17.194root 11241100x80000000000000003846985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52916c4b7a0bd14b2021-12-22 11:46:17.194root 11241100x80000000000000003846986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ba433431bb302b2021-12-22 11:46:17.194root 11241100x80000000000000003846987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154b6efc88e0796e2021-12-22 11:46:17.195root 11241100x80000000000000003846988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c616eeb1dbe061bd2021-12-22 11:46:17.195root 11241100x80000000000000003846989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481f9e02a07d973a2021-12-22 11:46:17.195root 11241100x80000000000000003846990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debd28a915db74db2021-12-22 11:46:17.195root 11241100x80000000000000003846991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b8519d89d66b1a2021-12-22 11:46:17.196root 11241100x80000000000000003846992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81b00cd79effb2e2021-12-22 11:46:17.196root 11241100x80000000000000003846993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25326cfc4f2e47ab2021-12-22 11:46:17.196root 11241100x80000000000000003846994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d598d361e6f06ec92021-12-22 11:46:17.196root 11241100x80000000000000003846995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8ac012a56ac01a2021-12-22 11:46:17.196root 11241100x80000000000000003846996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de504438dfea8ce2021-12-22 11:46:17.196root 11241100x80000000000000003846997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d6ce380e1208772021-12-22 11:46:17.196root 11241100x80000000000000003846998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b86109331633122021-12-22 11:46:17.196root 11241100x80000000000000003846999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b0cd0aa63a85382021-12-22 11:46:17.196root 11241100x80000000000000003847000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abe208213eaa7b02021-12-22 11:46:17.197root 11241100x80000000000000003847001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a8462bae2ee7de2021-12-22 11:46:17.197root 11241100x80000000000000003847002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9acc32805303dfb2021-12-22 11:46:17.693root 11241100x80000000000000003847003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c82bc9bfbc7ed772021-12-22 11:46:17.693root 11241100x80000000000000003847004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377019d338ff69052021-12-22 11:46:17.693root 11241100x80000000000000003847005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31c6c00beaf9d282021-12-22 11:46:17.693root 11241100x80000000000000003847006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ec76c2a93380f32021-12-22 11:46:17.694root 11241100x80000000000000003847007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d84bef139c4392a2021-12-22 11:46:17.694root 11241100x80000000000000003847008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ea6bb5347482052021-12-22 11:46:17.694root 11241100x80000000000000003847009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c262722222fffaf2021-12-22 11:46:17.694root 11241100x80000000000000003847010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378be8401957d5582021-12-22 11:46:17.695root 11241100x80000000000000003847011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff70417fde8fb5d2021-12-22 11:46:17.695root 11241100x80000000000000003847012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74250d3c42da286a2021-12-22 11:46:17.695root 11241100x80000000000000003847013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59716980cafef002021-12-22 11:46:17.695root 11241100x80000000000000003847014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd4da35562c46aa2021-12-22 11:46:17.695root 11241100x80000000000000003847015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff7a5f686887c262021-12-22 11:46:17.695root 11241100x80000000000000003847016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9319c72b34237b0a2021-12-22 11:46:17.696root 11241100x80000000000000003847017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc342d331f3513822021-12-22 11:46:17.696root 11241100x80000000000000003847018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4596ae053328672021-12-22 11:46:17.696root 11241100x80000000000000003847019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c92ea3d71f5dfa02021-12-22 11:46:17.696root 11241100x80000000000000003847020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25be96a23e474702021-12-22 11:46:17.697root 11241100x80000000000000003847021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd02fc70a67172f2021-12-22 11:46:17.697root 11241100x80000000000000003847022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba25f70562ee4b32021-12-22 11:46:17.697root 11241100x80000000000000003847023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fe913aaf9f01932021-12-22 11:46:17.698root 11241100x80000000000000003847024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c2ef82ec2609d22021-12-22 11:46:17.699root 11241100x80000000000000003847025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33c88b3f187ba172021-12-22 11:46:17.699root 354300x80000000000000003847026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.141{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55430-false10.0.1.12-8000- 11241100x80000000000000003847027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd54f94c740284c2021-12-22 11:46:18.142root 11241100x80000000000000003847028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a84358f65999c82021-12-22 11:46:18.142root 11241100x80000000000000003847029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.142{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a45e597ad11072021-12-22 11:46:18.142root 11241100x80000000000000003847030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3c9e702b5d4b9e2021-12-22 11:46:18.143root 11241100x80000000000000003847031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee8308f42e7d3a2021-12-22 11:46:18.143root 11241100x80000000000000003847032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d47ac9a5bea9872021-12-22 11:46:18.143root 11241100x80000000000000003847033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef74718f090c992021-12-22 11:46:18.143root 11241100x80000000000000003847034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa64504eb6099ba2021-12-22 11:46:18.143root 11241100x80000000000000003847035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd7a1bb143b50412021-12-22 11:46:18.143root 11241100x80000000000000003847036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af42cd3e2a560b262021-12-22 11:46:18.143root 11241100x80000000000000003847037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1aedbbaba7cabd2021-12-22 11:46:18.143root 11241100x80000000000000003847038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d2fcbf5e4a62412021-12-22 11:46:18.143root 11241100x80000000000000003847039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83c67cd2e6811c62021-12-22 11:46:18.143root 11241100x80000000000000003847040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76605820114626782021-12-22 11:46:18.143root 11241100x80000000000000003847041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5891e30385cb56dd2021-12-22 11:46:18.143root 11241100x80000000000000003847042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fc76093b3915972021-12-22 11:46:18.144root 11241100x80000000000000003847043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff91448c5805214c2021-12-22 11:46:18.144root 11241100x80000000000000003847044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124b4315c70fc7112021-12-22 11:46:18.144root 11241100x80000000000000003847045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8754802630090642021-12-22 11:46:18.144root 11241100x80000000000000003847046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaea04be6abf23552021-12-22 11:46:18.144root 11241100x80000000000000003847047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c2af1673b214c52021-12-22 11:46:18.144root 11241100x80000000000000003847048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4178ff855cf7e0502021-12-22 11:46:18.144root 11241100x80000000000000003847049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f011916ea0ad1f2021-12-22 11:46:18.144root 11241100x80000000000000003847050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9853b0186340bd22021-12-22 11:46:18.145root 11241100x80000000000000003847051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93c395d398ac53a2021-12-22 11:46:18.145root 11241100x80000000000000003847052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c09c0d73303f9d92021-12-22 11:46:18.145root 11241100x80000000000000003847053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770f1ae80008697e2021-12-22 11:46:18.145root 11241100x80000000000000003847054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5db41b1d9987f02021-12-22 11:46:18.145root 11241100x80000000000000003847055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541ce131efd7b49e2021-12-22 11:46:18.145root 11241100x80000000000000003847056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.148{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/system.journal2021-12-22 11:46:18.148root 11241100x80000000000000003847057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2eeb015a49927a2021-12-22 11:46:18.149root 11241100x80000000000000003847058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e55f21a36638e7a2021-12-22 11:46:18.150root 11241100x80000000000000003847059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6e2db552447cbc2021-12-22 11:46:18.150root 11241100x80000000000000003847060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36059d173f62beb72021-12-22 11:46:18.150root 11241100x80000000000000003847061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e44e76d78302c942021-12-22 11:46:18.150root 11241100x80000000000000003847062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4d7d82add57fb32021-12-22 11:46:18.150root 11241100x80000000000000003847063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ccb9ecf5f32eb92021-12-22 11:46:18.150root 11241100x80000000000000003847064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5721f02c862db3492021-12-22 11:46:18.151root 11241100x80000000000000003847065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d760041baf270c302021-12-22 11:46:18.151root 11241100x80000000000000003847066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93839595fb658552021-12-22 11:46:18.151root 11241100x80000000000000003847067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278a77a0c1287b982021-12-22 11:46:18.151root 11241100x80000000000000003847068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6591ab990307e6e42021-12-22 11:46:18.151root 11241100x80000000000000003847069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef675aeeb290be2021-12-22 11:46:18.151root 11241100x80000000000000003847070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606ed14c5a63758d2021-12-22 11:46:18.151root 11241100x80000000000000003847071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e94b714db05e7d2021-12-22 11:46:18.151root 11241100x80000000000000003847072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978c669f1e608ad12021-12-22 11:46:18.151root 11241100x80000000000000003847073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c31915907bfefe32021-12-22 11:46:18.151root 11241100x80000000000000003847074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641778ad2d1e78cc2021-12-22 11:46:18.151root 11241100x80000000000000003847075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4011e8e48c922d462021-12-22 11:46:18.151root 11241100x80000000000000003847076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.156{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000.journal2021-12-22 11:46:18.156root 23542300x80000000000000003847077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.170{ec2b6afe-9233-61c1-c81a-006eee550000}454root/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000@23a4030a05c14f4487fe6448e1318b5d-0000000000000000-0000000000000000.journal--- 23542300x80000000000000003847078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.170{ec2b6afe-9233-61c1-c81a-006eee550000}454root/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/system@4af434efcfd14cd9a23dd2a5a29b6b88-000000000031b7fe-0005d3b77108ddc6.journal--- 11241100x80000000000000003847079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65f2e07ce1d7f692021-12-22 11:46:18.184root 11241100x80000000000000003847080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f32736043cef1e02021-12-22 11:46:18.184root 11241100x80000000000000003847081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0a5dbdfcd162622021-12-22 11:46:18.185root 11241100x80000000000000003847082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4787fadf00702d12021-12-22 11:46:18.185root 11241100x80000000000000003847083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bc947c36863a932021-12-22 11:46:18.185root 11241100x80000000000000003847084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3049b07f7d350ee82021-12-22 11:46:18.185root 11241100x80000000000000003847085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb81cdc9707cf8ea2021-12-22 11:46:18.185root 11241100x80000000000000003847086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05555105bc85362a2021-12-22 11:46:18.185root 11241100x80000000000000003847087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc346ae8556e515b2021-12-22 11:46:18.186root 11241100x80000000000000003847088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1397a0e924218d9a2021-12-22 11:46:18.186root 11241100x80000000000000003847089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8aa2b03acf7e2d2021-12-22 11:46:18.186root 11241100x80000000000000003847090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4673e10ba41e8e122021-12-22 11:46:18.186root 11241100x80000000000000003847091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe08822052b0ebe2021-12-22 11:46:18.186root 11241100x80000000000000003847092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12b5321a6a5f2542021-12-22 11:46:18.186root 11241100x80000000000000003847093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce85f7de5c29092021-12-22 11:46:18.186root 11241100x80000000000000003847094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c76ffe1ec53ed2021-12-22 11:46:18.186root 11241100x80000000000000003847095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c745acca862ab9f2021-12-22 11:46:18.186root 11241100x80000000000000003847096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17cc5c66916365e2021-12-22 11:46:18.186root 11241100x80000000000000003847097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a1fa0de309c4962021-12-22 11:46:18.187root 11241100x80000000000000003847098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585b9e016eafbf322021-12-22 11:46:18.187root 11241100x80000000000000003847099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.356ba52bfb53a5872021-12-22 11:46:18.187root 11241100x80000000000000003847100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f05c69e498ec92021-12-22 11:46:18.187root 11241100x80000000000000003847101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945bbf6b7f4f17402021-12-22 11:46:18.187root 11241100x80000000000000003847102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b0c6ef8839c4a62021-12-22 11:46:18.187root 11241100x80000000000000003847103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cd55fa390b65232021-12-22 11:46:18.187root 11241100x80000000000000003847104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec1481cfb473e862021-12-22 11:46:18.187root 11241100x80000000000000003847105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437338ce819ea7ac2021-12-22 11:46:18.187root 11241100x80000000000000003847106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcbb6150e5521c72021-12-22 11:46:18.187root 11241100x80000000000000003847107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ea0b80a11bf322021-12-22 11:46:18.187root 534500x80000000000000003847108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.205{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x80000000000000003847109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216d1d78f3aab4332021-12-22 11:46:18.442root 11241100x80000000000000003847110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d4fe0c434d2a012021-12-22 11:46:18.443root 11241100x80000000000000003847111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744771d1e15414982021-12-22 11:46:18.443root 11241100x80000000000000003847112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40407b924aa97eda2021-12-22 11:46:18.443root 11241100x80000000000000003847113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da150ad13109a6e2021-12-22 11:46:18.443root 11241100x80000000000000003847114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bad01b60fa401992021-12-22 11:46:18.443root 11241100x80000000000000003847115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abd0ea09939d3ec2021-12-22 11:46:18.443root 11241100x80000000000000003847116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980f7d969dd514a02021-12-22 11:46:18.444root 11241100x80000000000000003847117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b265dac19ba33e082021-12-22 11:46:18.444root 11241100x80000000000000003847118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d94ae7144d75102021-12-22 11:46:18.444root 11241100x80000000000000003847119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad66ac82e8e8a532021-12-22 11:46:18.444root 11241100x80000000000000003847120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e74d43c97d250642021-12-22 11:46:18.444root 11241100x80000000000000003847121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6155278e19634a292021-12-22 11:46:18.445root 11241100x80000000000000003847122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2d03ea5d0e4d522021-12-22 11:46:18.445root 11241100x80000000000000003847123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef31cf0b6cab29562021-12-22 11:46:18.445root 11241100x80000000000000003847124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c971ce7d792e172021-12-22 11:46:18.445root 11241100x80000000000000003847125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec482bca319985f52021-12-22 11:46:18.445root 11241100x80000000000000003847126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a745cefa514fce2021-12-22 11:46:18.446root 11241100x80000000000000003847127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19e3c8bfcaf735f2021-12-22 11:46:18.446root 11241100x80000000000000003847128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e0998e8846e3002021-12-22 11:46:18.446root 11241100x80000000000000003847129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5a00c197c01e0d2021-12-22 11:46:18.446root 11241100x80000000000000003847130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b09a5dc5c77fd672021-12-22 11:46:18.446root 11241100x80000000000000003847131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8679c8ffb4334b2021-12-22 11:46:18.446root 11241100x80000000000000003847132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dc46d25dd0a3f02021-12-22 11:46:18.446root 11241100x80000000000000003847133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714f38e50d02b3452021-12-22 11:46:18.447root 11241100x80000000000000003847134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb2d9a76289d2b52021-12-22 11:46:18.447root 11241100x80000000000000003847135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114f086f4f988c5b2021-12-22 11:46:18.447root 11241100x80000000000000003847136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028979eae65363432021-12-22 11:46:18.447root 11241100x80000000000000003847137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d35cfaa4c3a3c02021-12-22 11:46:18.447root 11241100x80000000000000003847138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692bc895f8e939df2021-12-22 11:46:18.447root 11241100x80000000000000003847139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5221387e543e1b2021-12-22 11:46:18.447root 11241100x80000000000000003847140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6c73f6ca9b516f2021-12-22 11:46:18.447root 11241100x80000000000000003847141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad384de3d9d96cdd2021-12-22 11:46:18.448root 11241100x80000000000000003847142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6080cee5f50543652021-12-22 11:46:18.448root 11241100x80000000000000003847143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40f10094af09d9d2021-12-22 11:46:18.448root 11241100x80000000000000003847144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37000a4fd17e68f22021-12-22 11:46:18.448root 11241100x80000000000000003847145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f584ce1c990abf82021-12-22 11:46:18.448root 11241100x80000000000000003847146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2021c2c49610d62021-12-22 11:46:18.448root 11241100x80000000000000003847147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b0898a5f0322bd2021-12-22 11:46:18.448root 11241100x80000000000000003847148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab3430b6da1c01d2021-12-22 11:46:18.448root 11241100x80000000000000003847149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f8c3006f95a48c2021-12-22 11:46:18.449root 11241100x80000000000000003847150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63501343a00228f2021-12-22 11:46:18.449root 11241100x80000000000000003847151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adcaca84fc2589e2021-12-22 11:46:18.449root 11241100x80000000000000003847152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1926ea5f508425852021-12-22 11:46:18.449root 11241100x80000000000000003847153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51390e6c4095e4122021-12-22 11:46:18.449root 11241100x80000000000000003847154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633c463f4dbab3182021-12-22 11:46:18.449root 11241100x80000000000000003847155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b59457a6cba2ce2021-12-22 11:46:18.450root 11241100x80000000000000003847156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f11deba454e1ed22021-12-22 11:46:18.450root 11241100x80000000000000003847157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a1ff365e749a9e2021-12-22 11:46:18.450root 11241100x80000000000000003847158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790f99437d0d9692021-12-22 11:46:18.450root 11241100x80000000000000003847159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529acc5093ab43f32021-12-22 11:46:18.450root 11241100x80000000000000003847160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609380f401a7ac0e2021-12-22 11:46:18.450root 11241100x80000000000000003847161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81110200b00bf5092021-12-22 11:46:18.450root 11241100x80000000000000003847162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf70a1724695c3b2021-12-22 11:46:18.451root 11241100x80000000000000003847163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172ab4d3ee0634b32021-12-22 11:46:18.451root 11241100x80000000000000003847164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca44abb5cecd8b302021-12-22 11:46:18.451root 11241100x80000000000000003847165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8502a549ee5a3adb2021-12-22 11:46:18.451root 11241100x80000000000000003847166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecdcb15bcba6a552021-12-22 11:46:18.451root 11241100x80000000000000003847167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4a21a4d84c2c392021-12-22 11:46:18.451root 11241100x80000000000000003847168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5862fcec9d6d7d2021-12-22 11:46:18.451root 11241100x80000000000000003847169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b34bf4f2c7bf3972021-12-22 11:46:18.451root 11241100x80000000000000003847170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479c693f6530c7ba2021-12-22 11:46:18.451root 11241100x80000000000000003847171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b0c63a4be5f7972021-12-22 11:46:18.451root 11241100x80000000000000003847172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fba8c86986b1072021-12-22 11:46:18.451root 11241100x80000000000000003847173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1990166ac00240062021-12-22 11:46:18.451root 11241100x80000000000000003847174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefc56591f963e612021-12-22 11:46:18.451root 11241100x80000000000000003847175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b687f0765970d2bb2021-12-22 11:46:18.451root 11241100x80000000000000003847176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538e0d62474cb0fe2021-12-22 11:46:18.451root 11241100x80000000000000003847177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f94bb9718ddefc2021-12-22 11:46:18.452root 11241100x80000000000000003847178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ee3dc936eb84022021-12-22 11:46:18.452root 11241100x80000000000000003847179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44ca7bb08d013c12021-12-22 11:46:18.452root 11241100x80000000000000003847180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1ef94581afb90d2021-12-22 11:46:18.452root 11241100x80000000000000003847181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f57a356f3788512021-12-22 11:46:18.452root 11241100x80000000000000003847182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2c984b4cdb43502021-12-22 11:46:18.452root 11241100x80000000000000003847183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f187048a96e15e8f2021-12-22 11:46:18.452root 11241100x80000000000000003847184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8533016a771fefb52021-12-22 11:46:18.452root 11241100x80000000000000003847185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8796289a48a80432021-12-22 11:46:18.452root 11241100x80000000000000003847186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1034d0fecb47dd2021-12-22 11:46:18.452root 11241100x80000000000000003847187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0409a6372c83b12021-12-22 11:46:18.452root 11241100x80000000000000003847188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a670a071fcd7b12021-12-22 11:46:18.453root 11241100x80000000000000003847189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc8c4083b3fa65f2021-12-22 11:46:18.453root 11241100x80000000000000003847190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d014788088c60e32021-12-22 11:46:18.453root 11241100x80000000000000003847191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c3fe1e21f6c9cd2021-12-22 11:46:18.453root 11241100x80000000000000003847192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae012cca20081b022021-12-22 11:46:18.453root 11241100x80000000000000003847193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f2858a04ff25d32021-12-22 11:46:18.453root 11241100x80000000000000003847194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b59d0e1ba99f162021-12-22 11:46:18.453root 11241100x80000000000000003847195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8025ca3a54ffbe182021-12-22 11:46:18.453root 11241100x80000000000000003847196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64b3f352e31156e2021-12-22 11:46:18.453root 11241100x80000000000000003847197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a30030eb4dc6d512021-12-22 11:46:18.454root 11241100x80000000000000003847198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0acff8ae4618c62021-12-22 11:46:18.454root 11241100x80000000000000003847199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b08d4ad08051292021-12-22 11:46:18.454root 11241100x80000000000000003847200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78391b331b9360a02021-12-22 11:46:18.943root 11241100x80000000000000003847201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa46e25e74d3cb822021-12-22 11:46:18.943root 11241100x80000000000000003847202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844d4731340fb57b2021-12-22 11:46:18.943root 11241100x80000000000000003847203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebcf2b2229d04712021-12-22 11:46:18.943root 11241100x80000000000000003847204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872a6b8ad2fc30ff2021-12-22 11:46:18.943root 11241100x80000000000000003847205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4134e46055c2b8bd2021-12-22 11:46:18.943root 11241100x80000000000000003847206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f41cbeeb4d1b562021-12-22 11:46:18.943root 11241100x80000000000000003847207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23a2652e5d7ee752021-12-22 11:46:18.943root 11241100x80000000000000003847208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c819f9df750cf09a2021-12-22 11:46:18.944root 11241100x80000000000000003847209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aa3306cd6c56432021-12-22 11:46:18.944root 11241100x80000000000000003847210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28eb87998adbc7952021-12-22 11:46:18.944root 11241100x80000000000000003847211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e27cc70ac044132021-12-22 11:46:18.944root 11241100x80000000000000003847212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc428f6fb97196aa2021-12-22 11:46:18.944root 11241100x80000000000000003847213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e14113b7fc0847c2021-12-22 11:46:18.944root 11241100x80000000000000003847214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8193a943f50d04d72021-12-22 11:46:18.944root 11241100x80000000000000003847215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f324d17fcf98722021-12-22 11:46:18.944root 11241100x80000000000000003847216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0769f1d5ea6ac9cd2021-12-22 11:46:18.944root 11241100x80000000000000003847217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158b8c2c2ed802f02021-12-22 11:46:18.944root 11241100x80000000000000003847218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8735c953cc50d53f2021-12-22 11:46:18.944root 11241100x80000000000000003847219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024e34fa74cc3a9f2021-12-22 11:46:18.944root 11241100x80000000000000003847220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b71d1cb7cee2ad2021-12-22 11:46:18.945root 11241100x80000000000000003847221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f4c359bc10d7ef2021-12-22 11:46:18.945root 11241100x80000000000000003847222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97883d2942a59cd32021-12-22 11:46:18.945root 11241100x80000000000000003847223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2450cb97cdfe20302021-12-22 11:46:18.945root 11241100x80000000000000003847224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24e477a4b2d0fcb2021-12-22 11:46:18.945root 11241100x80000000000000003847225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904180e957df4cd62021-12-22 11:46:18.945root 11241100x80000000000000003847226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245557c7ea11fff52021-12-22 11:46:18.945root 11241100x80000000000000003847227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b891b470e02873362021-12-22 11:46:18.945root 11241100x80000000000000003847228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50addcdea3fcbb472021-12-22 11:46:18.945root 11241100x80000000000000003847229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90617a8e9922c19e2021-12-22 11:46:19.443root 11241100x80000000000000003847230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9edd6bae2042242021-12-22 11:46:19.443root 11241100x80000000000000003847231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db6f511c0a97a632021-12-22 11:46:19.443root 11241100x80000000000000003847232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2151b6eb575ae7212021-12-22 11:46:19.443root 11241100x80000000000000003847233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beaedade0e1ce2b2021-12-22 11:46:19.443root 11241100x80000000000000003847234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1afdc057c80e1f2021-12-22 11:46:19.443root 11241100x80000000000000003847235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d0e3a62624d31d2021-12-22 11:46:19.443root 11241100x80000000000000003847236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0049165d08fdb3622021-12-22 11:46:19.443root 11241100x80000000000000003847237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3941afae660d12021-12-22 11:46:19.443root 11241100x80000000000000003847238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5724fe4c4f99d0b32021-12-22 11:46:19.444root 11241100x80000000000000003847239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddd35ee1815f3de2021-12-22 11:46:19.444root 11241100x80000000000000003847240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e29ae02989c8c642021-12-22 11:46:19.444root 11241100x80000000000000003847241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ec7a0ab5c59462021-12-22 11:46:19.444root 11241100x80000000000000003847242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6d2dc9b026d9692021-12-22 11:46:19.444root 11241100x80000000000000003847243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab452a2229561e42021-12-22 11:46:19.444root 11241100x80000000000000003847244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93497716b5fccce62021-12-22 11:46:19.444root 11241100x80000000000000003847245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ef1db273c4452a2021-12-22 11:46:19.444root 11241100x80000000000000003847246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c3a30ab5fe49f42021-12-22 11:46:19.444root 11241100x80000000000000003847247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdc9cdd162c27412021-12-22 11:46:19.445root 11241100x80000000000000003847248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1be3800891274f42021-12-22 11:46:19.445root 11241100x80000000000000003847249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b0ce65701052bd2021-12-22 11:46:19.445root 11241100x80000000000000003847250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c3b8a296d282e2021-12-22 11:46:19.445root 11241100x80000000000000003847251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53a22f505b1c7a32021-12-22 11:46:19.445root 11241100x80000000000000003847252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92722d44aaebea12021-12-22 11:46:19.445root 11241100x80000000000000003847253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d913be4b6ed73b2021-12-22 11:46:19.445root 11241100x80000000000000003847254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcebab28221a52d2021-12-22 11:46:19.445root 11241100x80000000000000003847255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970c81944fb357cc2021-12-22 11:46:19.446root 11241100x80000000000000003847256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbd60080b3986b72021-12-22 11:46:19.446root 11241100x80000000000000003847257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adff433dbb48b0542021-12-22 11:46:19.447root 11241100x80000000000000003847258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee7a4b269309752021-12-22 11:46:19.447root 11241100x80000000000000003847259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa1244d2161b50e2021-12-22 11:46:19.447root 11241100x80000000000000003847260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69162a31e38482022021-12-22 11:46:19.943root 11241100x80000000000000003847261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc4c2acb1ab95122021-12-22 11:46:19.943root 11241100x80000000000000003847262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e462b38583b85c2021-12-22 11:46:19.943root 11241100x80000000000000003847263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c109837212b794b02021-12-22 11:46:19.943root 11241100x80000000000000003847264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31408c2f5d910a162021-12-22 11:46:19.943root 11241100x80000000000000003847265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35cd8d1c17cc4882021-12-22 11:46:19.943root 11241100x80000000000000003847266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b40e04b12ef8372021-12-22 11:46:19.943root 11241100x80000000000000003847267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a2b7b2e46650e2021-12-22 11:46:19.944root 11241100x80000000000000003847268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6623df523dc91cc72021-12-22 11:46:19.944root 11241100x80000000000000003847269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401d5c61ad1843fd2021-12-22 11:46:19.944root 11241100x80000000000000003847270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16366ccf46e08bf52021-12-22 11:46:19.944root 11241100x80000000000000003847271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed496a3c348b3952021-12-22 11:46:19.944root 11241100x80000000000000003847272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e099f1b8c714262021-12-22 11:46:19.944root 11241100x80000000000000003847273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de7cfbac6c478992021-12-22 11:46:19.944root 11241100x80000000000000003847274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57774b10c73f7c872021-12-22 11:46:19.944root 11241100x80000000000000003847275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2c7d0fe3c86bdf2021-12-22 11:46:19.944root 11241100x80000000000000003847276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53946dde120fa982021-12-22 11:46:19.944root 11241100x80000000000000003847277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059c6db1613841792021-12-22 11:46:19.944root 11241100x80000000000000003847278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990010bc301f7a962021-12-22 11:46:19.945root 11241100x80000000000000003847279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab630a5a706707542021-12-22 11:46:19.945root 11241100x80000000000000003847280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d50af7feb4a5a242021-12-22 11:46:19.945root 11241100x80000000000000003847281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c48444f5eee0fd2021-12-22 11:46:19.945root 11241100x80000000000000003847282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed937f1d1ab7dda2021-12-22 11:46:19.945root 11241100x80000000000000003847283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7c4c549e989bde2021-12-22 11:46:19.945root 11241100x80000000000000003847284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24738994eb92c8922021-12-22 11:46:19.945root 11241100x80000000000000003847285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd173dade086c6a42021-12-22 11:46:19.945root 11241100x80000000000000003847286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d968e9b671129272021-12-22 11:46:19.945root 11241100x80000000000000003847287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714114372023d1f02021-12-22 11:46:19.946root 11241100x80000000000000003847288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95c8650eb3c10382021-12-22 11:46:20.443root 11241100x80000000000000003847289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f0169533bcd3cb2021-12-22 11:46:20.443root 11241100x80000000000000003847290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a90688a5d1a32e32021-12-22 11:46:20.443root 11241100x80000000000000003847291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4207ab39d1714f82021-12-22 11:46:20.443root 11241100x80000000000000003847292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a37c8513e1012ea2021-12-22 11:46:20.443root 11241100x80000000000000003847293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4100d2340fe2447f2021-12-22 11:46:20.443root 11241100x80000000000000003847294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d974d9acee5fba2021-12-22 11:46:20.444root 11241100x80000000000000003847295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965049f324ed22b92021-12-22 11:46:20.444root 11241100x80000000000000003847296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a70713e13000222021-12-22 11:46:20.444root 11241100x80000000000000003847297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8bb140803c2aad2021-12-22 11:46:20.444root 11241100x80000000000000003847298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1827c8b7d612a00f2021-12-22 11:46:20.444root 11241100x80000000000000003847299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fc99c8f34da2bc2021-12-22 11:46:20.444root 11241100x80000000000000003847300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ba584a62bbaa602021-12-22 11:46:20.444root 11241100x80000000000000003847301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4066584775da7b2021-12-22 11:46:20.444root 11241100x80000000000000003847302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8326ae51b4ff450e2021-12-22 11:46:20.444root 11241100x80000000000000003847303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12254c74beae6662021-12-22 11:46:20.444root 11241100x80000000000000003847304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7ecef09eb4c5222021-12-22 11:46:20.444root 11241100x80000000000000003847305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f8654767435582021-12-22 11:46:20.445root 11241100x80000000000000003847306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089f50d69381ad22021-12-22 11:46:20.445root 11241100x80000000000000003847307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7482403b24f4902021-12-22 11:46:20.445root 11241100x80000000000000003847308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e834139c6a621a02021-12-22 11:46:20.445root 11241100x80000000000000003847309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a872459160f71cba2021-12-22 11:46:20.445root 11241100x80000000000000003847310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9508661a203468c22021-12-22 11:46:20.445root 11241100x80000000000000003847311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5edc38aed6ca689c2021-12-22 11:46:20.445root 11241100x80000000000000003847312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46e40cf893868a92021-12-22 11:46:20.445root 11241100x80000000000000003847313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a132488113f802021-12-22 11:46:20.445root 11241100x80000000000000003847314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c64a38539c4bfd2021-12-22 11:46:20.446root 11241100x80000000000000003847315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba23f0b78d5c75e62021-12-22 11:46:20.446root 11241100x80000000000000003847316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7106f657cb9534992021-12-22 11:46:20.446root 11241100x80000000000000003847317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47476c2b9bc03d512021-12-22 11:46:20.446root 11241100x80000000000000003847318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcbd99830f940b92021-12-22 11:46:20.446root 11241100x80000000000000003847319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b19d54c04339b32021-12-22 11:46:20.943root 11241100x80000000000000003847320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5ce53818d615ff2021-12-22 11:46:20.943root 11241100x80000000000000003847321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f532fb52c7b4dc2021-12-22 11:46:20.943root 11241100x80000000000000003847322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6456baa13427642021-12-22 11:46:20.943root 11241100x80000000000000003847323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf2c32f54aaae6e2021-12-22 11:46:20.944root 11241100x80000000000000003847324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dadf4b28e3d17a82021-12-22 11:46:20.944root 11241100x80000000000000003847325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735ae8905ad904c42021-12-22 11:46:20.944root 11241100x80000000000000003847326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d8559052dc09b42021-12-22 11:46:20.944root 11241100x80000000000000003847327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106d15433c16b9512021-12-22 11:46:20.944root 11241100x80000000000000003847328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b44e2aed9bd90d02021-12-22 11:46:20.944root 11241100x80000000000000003847329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57dc648c579c7df2021-12-22 11:46:20.944root 11241100x80000000000000003847330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c453622089cd48a62021-12-22 11:46:20.944root 11241100x80000000000000003847331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cdd0a103c0b3b42021-12-22 11:46:20.944root 11241100x80000000000000003847332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f191b9454d7c627e2021-12-22 11:46:20.944root 11241100x80000000000000003847333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cb3623467c93502021-12-22 11:46:20.944root 11241100x80000000000000003847334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebdee0da5cebc8d2021-12-22 11:46:20.944root 11241100x80000000000000003847335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d6637dd490e4392021-12-22 11:46:20.944root 11241100x80000000000000003847336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78554968bc55b6bc2021-12-22 11:46:20.945root 11241100x80000000000000003847337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8409ab26966100c22021-12-22 11:46:20.945root 11241100x80000000000000003847338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76c93d6c7ac6c312021-12-22 11:46:20.945root 11241100x80000000000000003847339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38d72cd5fb612c72021-12-22 11:46:20.945root 11241100x80000000000000003847340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b876bd85ee48679f2021-12-22 11:46:20.945root 11241100x80000000000000003847341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c8433446dea442021-12-22 11:46:20.945root 11241100x80000000000000003847342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6acbc10a6354fc82021-12-22 11:46:20.945root 11241100x80000000000000003847343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aec67f36407c9fc2021-12-22 11:46:20.945root 11241100x80000000000000003847344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b293a68afa4c170e2021-12-22 11:46:20.945root 11241100x80000000000000003847345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0269e86f17232d2021-12-22 11:46:20.946root 11241100x80000000000000003847346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9737532f04d95ba2021-12-22 11:46:20.946root 11241100x80000000000000003847347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a635f6684c06a11d2021-12-22 11:46:21.443root 11241100x80000000000000003847348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1307e1dcd1f95e2021-12-22 11:46:21.443root 11241100x80000000000000003847349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b869a858a69ac3b2021-12-22 11:46:21.443root 11241100x80000000000000003847350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a9cce7660021952021-12-22 11:46:21.443root 11241100x80000000000000003847351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a49c30d7457963b2021-12-22 11:46:21.443root 11241100x80000000000000003847352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c69410ecbd000c2021-12-22 11:46:21.444root 11241100x80000000000000003847353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc411fcb435637fe2021-12-22 11:46:21.444root 11241100x80000000000000003847354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44313078ec89d2552021-12-22 11:46:21.444root 11241100x80000000000000003847355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db252cc1729bd0a72021-12-22 11:46:21.444root 11241100x80000000000000003847356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04be10bde24f020c2021-12-22 11:46:21.444root 11241100x80000000000000003847357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8bb4ffeaf907392021-12-22 11:46:21.444root 11241100x80000000000000003847358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a9a9bc241899082021-12-22 11:46:21.444root 11241100x80000000000000003847359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e13e6a65075d1d52021-12-22 11:46:21.444root 11241100x80000000000000003847360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b666952f5aaf3cf2021-12-22 11:46:21.445root 11241100x80000000000000003847361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c79d744ce9bb192021-12-22 11:46:21.445root 11241100x80000000000000003847362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79333ad2cef04d2b2021-12-22 11:46:21.445root 11241100x80000000000000003847363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680d5bf55e03919a2021-12-22 11:46:21.445root 11241100x80000000000000003847364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebded65df648f6232021-12-22 11:46:21.445root 11241100x80000000000000003847365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004873441bfd0dec2021-12-22 11:46:21.445root 11241100x80000000000000003847366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c688dd164945582021-12-22 11:46:21.445root 11241100x80000000000000003847367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7dd0790e091f082021-12-22 11:46:21.445root 11241100x80000000000000003847368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca1a9e91624bb842021-12-22 11:46:21.445root 11241100x80000000000000003847369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06719ca6737067982021-12-22 11:46:21.445root 11241100x80000000000000003847370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4b67f32c27878b2021-12-22 11:46:21.445root 11241100x80000000000000003847371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada59e64185f45612021-12-22 11:46:21.446root 11241100x80000000000000003847372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3480bd1c154dfbd2021-12-22 11:46:21.446root 11241100x80000000000000003847373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4de89c182b86b972021-12-22 11:46:21.446root 11241100x80000000000000003847374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd8b6246d5a1ae62021-12-22 11:46:21.446root 11241100x80000000000000003847375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af553374e23499e2021-12-22 11:46:21.943root 11241100x80000000000000003847376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b38bc3ec7d74c62021-12-22 11:46:21.943root 11241100x80000000000000003847377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1638d40543c671b42021-12-22 11:46:21.943root 11241100x80000000000000003847378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddc4e9ede2f112f2021-12-22 11:46:21.943root 11241100x80000000000000003847379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a4f666bde4facb2021-12-22 11:46:21.943root 11241100x80000000000000003847380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813745c6680be0cc2021-12-22 11:46:21.943root 11241100x80000000000000003847381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a149862ea610c6ae2021-12-22 11:46:21.943root 11241100x80000000000000003847382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e93aea773a35112021-12-22 11:46:21.943root 11241100x80000000000000003847383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb08e83670ddd8a2021-12-22 11:46:21.943root 11241100x80000000000000003847384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3969ad191bad8d2021-12-22 11:46:21.943root 11241100x80000000000000003847385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c32a9770ee2fe92021-12-22 11:46:21.944root 11241100x80000000000000003847386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc535f3d23cde532021-12-22 11:46:21.944root 11241100x80000000000000003847387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8c77b2ee691dc22021-12-22 11:46:21.944root 11241100x80000000000000003847388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8f13d51d3d27a32021-12-22 11:46:21.944root 11241100x80000000000000003847389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9abda3b8ca43306b2021-12-22 11:46:21.944root 11241100x80000000000000003847390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e35b8c99143132021-12-22 11:46:21.944root 11241100x80000000000000003847391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6cca008c9e001a2021-12-22 11:46:21.944root 11241100x80000000000000003847392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d80c74851acdbf02021-12-22 11:46:21.944root 11241100x80000000000000003847393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575cf93ea781dc122021-12-22 11:46:21.944root 11241100x80000000000000003847394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81934a08b230df982021-12-22 11:46:21.944root 11241100x80000000000000003847395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d436c9da4e766cb2021-12-22 11:46:21.945root 11241100x80000000000000003847396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf7eea8303541052021-12-22 11:46:21.945root 11241100x80000000000000003847397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9120ae8b26620172021-12-22 11:46:21.945root 11241100x80000000000000003847398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8326acfd3b912f2021-12-22 11:46:21.945root 11241100x80000000000000003847399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823f9cafafb8d0bf2021-12-22 11:46:21.945root 11241100x80000000000000003847400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a50dcebc49711c2021-12-22 11:46:21.945root 11241100x80000000000000003847401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50a76df07387f872021-12-22 11:46:21.945root 11241100x80000000000000003847402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f9fcfcdc8fbd1e2021-12-22 11:46:21.945root 11241100x80000000000000003847403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faf7836b113c1572021-12-22 11:46:21.945root 11241100x80000000000000003847404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27ff1902d4fe3bc2021-12-22 11:46:21.945root 11241100x80000000000000003847405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc454b5e1cc6aaef2021-12-22 11:46:22.443root 11241100x80000000000000003847406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c15120bb08ceca2021-12-22 11:46:22.443root 11241100x80000000000000003847407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26ce841582b27642021-12-22 11:46:22.443root 11241100x80000000000000003847408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a08c3b7f459eaf62021-12-22 11:46:22.443root 11241100x80000000000000003847409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24624e9f6896a6b2021-12-22 11:46:22.444root 11241100x80000000000000003847410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46650d67738986b2021-12-22 11:46:22.444root 11241100x80000000000000003847411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f24197a41d8735d2021-12-22 11:46:22.444root 11241100x80000000000000003847412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc31fbba773e723d2021-12-22 11:46:22.444root 11241100x80000000000000003847413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4842f5c4cbd1d5772021-12-22 11:46:22.444root 11241100x80000000000000003847414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4258da9c75fd132021-12-22 11:46:22.444root 11241100x80000000000000003847415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d16519b3a73a8122021-12-22 11:46:22.444root 11241100x80000000000000003847416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1b6038d05665f02021-12-22 11:46:22.444root 11241100x80000000000000003847417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513a782fa92a430b2021-12-22 11:46:22.444root 11241100x80000000000000003847418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d038609609c8f242021-12-22 11:46:22.444root 11241100x80000000000000003847419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50906548124ae9522021-12-22 11:46:22.444root 11241100x80000000000000003847420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0868d91982e8a52021-12-22 11:46:22.444root 11241100x80000000000000003847421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30340005b4cee1d32021-12-22 11:46:22.444root 11241100x80000000000000003847422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44aba25620bea0282021-12-22 11:46:22.445root 11241100x80000000000000003847423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34c161d99d3f9af2021-12-22 11:46:22.445root 11241100x80000000000000003847424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e943c56616ff9d2021-12-22 11:46:22.445root 11241100x80000000000000003847425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1fe726977522162021-12-22 11:46:22.445root 11241100x80000000000000003847426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ec2c608bde07572021-12-22 11:46:22.445root 11241100x80000000000000003847427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82499d55187d681f2021-12-22 11:46:22.445root 11241100x80000000000000003847428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6477366656d63b32021-12-22 11:46:22.445root 11241100x80000000000000003847429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aebb33ed1a0b85f2021-12-22 11:46:22.445root 11241100x80000000000000003847430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f487b10f59e5c62021-12-22 11:46:22.445root 11241100x80000000000000003847431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf36f775494a011c2021-12-22 11:46:22.445root 11241100x80000000000000003847432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd28105a69bb9c8e2021-12-22 11:46:22.446root 11241100x80000000000000003847433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baed11f7ad0f70f2021-12-22 11:46:22.446root 11241100x80000000000000003847434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa6acc7ad13b4ed2021-12-22 11:46:22.943root 11241100x80000000000000003847435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4787d0fe580a41f2021-12-22 11:46:22.943root 11241100x80000000000000003847436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fabdf92c9bf2f52021-12-22 11:46:22.943root 11241100x80000000000000003847437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4388487b4ef94d112021-12-22 11:46:22.943root 11241100x80000000000000003847438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1a82bea83a6dc42021-12-22 11:46:22.943root 11241100x80000000000000003847439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874f22e0b50baed32021-12-22 11:46:22.943root 11241100x80000000000000003847440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc895735c97af922021-12-22 11:46:22.943root 11241100x80000000000000003847441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b62a2d47447cf22021-12-22 11:46:22.943root 11241100x80000000000000003847442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e129c7c4d8b52d382021-12-22 11:46:22.943root 11241100x80000000000000003847443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378670e7a63c849e2021-12-22 11:46:22.943root 11241100x80000000000000003847444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6457db8bc313de62021-12-22 11:46:22.944root 11241100x80000000000000003847445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a483d87022f6f2021-12-22 11:46:22.944root 11241100x80000000000000003847446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aee583cb5f40ae2021-12-22 11:46:22.944root 11241100x80000000000000003847447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d63fb937f018092021-12-22 11:46:22.944root 11241100x80000000000000003847448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c30f030a0e98112021-12-22 11:46:22.944root 11241100x80000000000000003847449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37587e8e1f0438492021-12-22 11:46:22.944root 11241100x80000000000000003847450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f1d1e0fa91d0592021-12-22 11:46:22.944root 11241100x80000000000000003847451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aed97ad75a7afe42021-12-22 11:46:22.944root 11241100x80000000000000003847452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f7022e7f21c92c2021-12-22 11:46:22.944root 11241100x80000000000000003847453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c38dbb19ae9ac2b2021-12-22 11:46:22.944root 11241100x80000000000000003847454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113bd01ded82f1632021-12-22 11:46:22.944root 11241100x80000000000000003847455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ec0d742c8357702021-12-22 11:46:22.945root 11241100x80000000000000003847456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637b5f7218edac612021-12-22 11:46:22.945root 11241100x80000000000000003847457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2d4789c08bfa2b2021-12-22 11:46:22.945root 11241100x80000000000000003847458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e348a7a39667f8802021-12-22 11:46:22.945root 11241100x80000000000000003847459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2ef20c7e625e2e2021-12-22 11:46:22.945root 11241100x80000000000000003847460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3acf3793fc95e702021-12-22 11:46:22.945root 11241100x80000000000000003847461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a626adae2ad0c3e2021-12-22 11:46:22.945root 11241100x80000000000000003847462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d4734b88e1bf352021-12-22 11:46:22.945root 11241100x80000000000000003847463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00891ea460a167622021-12-22 11:46:22.945root 11241100x80000000000000003847464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a84f8c109a3094c2021-12-22 11:46:22.945root 11241100x80000000000000003847465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20233eb8b7df28a92021-12-22 11:46:22.946root 11241100x80000000000000003847466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31656315adbf62162021-12-22 11:46:22.946root 11241100x80000000000000003847467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e1bfd1530f0ab02021-12-22 11:46:22.946root 11241100x80000000000000003847468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9036b8814474be22021-12-22 11:46:22.946root 11241100x80000000000000003847469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca01f12071f4aba2021-12-22 11:46:22.946root 11241100x80000000000000003847470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2aa2a28697b10422021-12-22 11:46:22.946root 11241100x80000000000000003847471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c97a13685767792021-12-22 11:46:22.946root 11241100x80000000000000003847472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b74c4e0d6e39ac72021-12-22 11:46:22.946root 11241100x80000000000000003847473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddcfa90ed3923122021-12-22 11:46:22.946root 11241100x80000000000000003847474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6459ad0b532a1e1b2021-12-22 11:46:22.946root 11241100x80000000000000003847475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a512229faff60232021-12-22 11:46:22.946root 11241100x80000000000000003847476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4524939ad4d33e712021-12-22 11:46:22.946root 11241100x80000000000000003847477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97833a3262cae16e2021-12-22 11:46:22.947root 11241100x80000000000000003847478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0c5bd3b09aadf82021-12-22 11:46:22.947root 11241100x80000000000000003847479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcafdb82a8af39e2021-12-22 11:46:22.947root 11241100x80000000000000003847480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e904942714f9cd2021-12-22 11:46:22.947root 11241100x80000000000000003847481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b053c1ce501dc6a2021-12-22 11:46:22.947root 11241100x80000000000000003847482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fa3301ba04dba42021-12-22 11:46:22.947root 11241100x80000000000000003847483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc47801daeffc682021-12-22 11:46:22.947root 11241100x80000000000000003847484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0601dafe048cd662021-12-22 11:46:22.947root 11241100x80000000000000003847485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2677bccc157c0c2021-12-22 11:46:22.948root 11241100x80000000000000003847486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0d657228be17662021-12-22 11:46:22.948root 11241100x80000000000000003847487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24efd40e2209e1552021-12-22 11:46:22.948root 11241100x80000000000000003847488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d53b6ea68f675f232021-12-22 11:46:22.948root 11241100x80000000000000003847489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e4be3d8ae4dfb92021-12-22 11:46:22.948root 11241100x80000000000000003847490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26eebbb3463fb2a62021-12-22 11:46:22.948root 11241100x80000000000000003847491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ee4745d9f38f52021-12-22 11:46:22.948root 11241100x80000000000000003847492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871013aa264164c92021-12-22 11:46:22.948root 11241100x80000000000000003847493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2413dbffe24cbdcd2021-12-22 11:46:22.948root 11241100x80000000000000003847494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5f38730601e81e2021-12-22 11:46:22.948root 11241100x80000000000000003847495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9381d1b1db61c6cc2021-12-22 11:46:22.948root 11241100x80000000000000003847496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b526f4e3f164544b2021-12-22 11:46:22.949root 11241100x80000000000000003847497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a6dedcc30383c672021-12-22 11:46:22.949root 11241100x80000000000000003847498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6840c367404a3152021-12-22 11:46:22.949root 11241100x80000000000000003847499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c4aa981c1fa8ca2021-12-22 11:46:22.949root 11241100x80000000000000003847500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2029f68b9d6a93ef2021-12-22 11:46:22.950root 11241100x80000000000000003847501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82bd6687b78206f2021-12-22 11:46:22.950root 11241100x80000000000000003847502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d46c91c09cb002d2021-12-22 11:46:22.950root 11241100x80000000000000003847503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0158baa4a784212021-12-22 11:46:22.950root 11241100x80000000000000003847504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa5728cd18666fc2021-12-22 11:46:22.950root 11241100x80000000000000003847505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78e3a86886fc52c2021-12-22 11:46:22.950root 11241100x80000000000000003847506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9e19fca52ca8ac2021-12-22 11:46:22.951root 11241100x80000000000000003847507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09b497ce81608ea2021-12-22 11:46:22.951root 11241100x80000000000000003847508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45379547f3632e1b2021-12-22 11:46:22.951root 11241100x80000000000000003847509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04882285f084a3902021-12-22 11:46:22.951root 11241100x80000000000000003847510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f378b81eef1849a2021-12-22 11:46:22.951root 11241100x80000000000000003847511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5376f62f293902062021-12-22 11:46:22.951root 11241100x80000000000000003847512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93594718ddeae0222021-12-22 11:46:22.951root 11241100x80000000000000003847513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357826f9200579ac2021-12-22 11:46:22.951root 11241100x80000000000000003847514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cce48ac6576fc402021-12-22 11:46:22.951root 11241100x80000000000000003847515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41715354e24dd66a2021-12-22 11:46:22.952root 11241100x80000000000000003847516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934785379dfd14bc2021-12-22 11:46:22.952root 11241100x80000000000000003847517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3387f413a3dd22922021-12-22 11:46:22.952root 11241100x80000000000000003847518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e727711ef92d2bc2021-12-22 11:46:22.952root 11241100x80000000000000003847519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a73a0e7ee1ea642021-12-22 11:46:22.952root 11241100x80000000000000003847520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89aca9948fbd63282021-12-22 11:46:22.952root 11241100x80000000000000003847521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74e25c614d3bf042021-12-22 11:46:22.952root 11241100x80000000000000003847522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d295624e2d8486dc2021-12-22 11:46:22.952root 11241100x80000000000000003847523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f44c9d3eb158df2021-12-22 11:46:22.953root 11241100x80000000000000003847524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de44c49911275052021-12-22 11:46:22.953root 11241100x80000000000000003847525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ee06d890f882e12021-12-22 11:46:22.953root 11241100x80000000000000003847526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a27149c237b7cf2021-12-22 11:46:22.954root 11241100x80000000000000003847527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3859c62fe7f7cec42021-12-22 11:46:22.954root 11241100x80000000000000003847528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c639c3bd84bb4afb2021-12-22 11:46:22.954root 11241100x80000000000000003847529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcce4e5c74c4de72021-12-22 11:46:22.954root 11241100x80000000000000003847530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ec11ee9fc5694c2021-12-22 11:46:22.954root 11241100x80000000000000003847531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5a4056ef4771e42021-12-22 11:46:22.954root 11241100x80000000000000003847532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81988d990f7c41d12021-12-22 11:46:22.954root 11241100x80000000000000003847533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8fb87196a271d22021-12-22 11:46:22.954root 11241100x80000000000000003847534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66db6810e84409a2021-12-22 11:46:22.954root 11241100x80000000000000003847535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75cf0206f7ce2f32021-12-22 11:46:22.954root 11241100x80000000000000003847536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8da94fd762c16d2021-12-22 11:46:22.955root 11241100x80000000000000003847537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246131cb829620db2021-12-22 11:46:22.955root 11241100x80000000000000003847538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c21ead604f2507a2021-12-22 11:46:22.955root 11241100x80000000000000003847539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dd05592d9afdbe2021-12-22 11:46:22.955root 11241100x80000000000000003847540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9977374066393a6f2021-12-22 11:46:22.955root 11241100x80000000000000003847541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677666a55799a11a2021-12-22 11:46:22.955root 11241100x80000000000000003847542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c709db8daefc08f2021-12-22 11:46:22.955root 11241100x80000000000000003847543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523bac6d315787b72021-12-22 11:46:22.955root 11241100x80000000000000003847544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e64901e3608d612021-12-22 11:46:22.955root 11241100x80000000000000003847545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f101fd220804162021-12-22 11:46:22.955root 11241100x80000000000000003847546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19e1e881ada76d82021-12-22 11:46:22.956root 11241100x80000000000000003847547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934f872942e11a5e2021-12-22 11:46:22.956root 11241100x80000000000000003847548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b00e2be2e94b192021-12-22 11:46:22.956root 11241100x80000000000000003847549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12cf592d7c8b7ba2021-12-22 11:46:22.956root 11241100x80000000000000003847550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17056fdaf79700112021-12-22 11:46:22.956root 11241100x80000000000000003847551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e4552119ae24f32021-12-22 11:46:22.956root 11241100x80000000000000003847552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd8a94ac9f1f1862021-12-22 11:46:22.956root 11241100x80000000000000003847553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa6adc369f2cc452021-12-22 11:46:22.956root 11241100x80000000000000003847554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871a18cc1568e3af2021-12-22 11:46:22.956root 11241100x80000000000000003847555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd141a9d5ec9294e2021-12-22 11:46:22.956root 11241100x80000000000000003847556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763a19e8a56585cd2021-12-22 11:46:22.956root 11241100x80000000000000003847557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f89dd5b1f3943b82021-12-22 11:46:22.957root 11241100x80000000000000003847558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641c9d6a65028cb92021-12-22 11:46:22.957root 11241100x80000000000000003847559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:22.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bc4ae0973a0b772021-12-22 11:46:22.957root 11241100x80000000000000003847560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36321fd7267a84922021-12-22 11:46:23.442root 11241100x80000000000000003847561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ddc0cef126288f2021-12-22 11:46:23.443root 11241100x80000000000000003847562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce881b0bf612942021-12-22 11:46:23.443root 11241100x80000000000000003847563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4932196b08d5557b2021-12-22 11:46:23.443root 11241100x80000000000000003847564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d576682b5c18572021-12-22 11:46:23.443root 11241100x80000000000000003847565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c8e60a30dbf7b12021-12-22 11:46:23.443root 11241100x80000000000000003847566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22bc7184c5d416d2021-12-22 11:46:23.443root 11241100x80000000000000003847567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c17f0991c94a722021-12-22 11:46:23.443root 11241100x80000000000000003847568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a6a1e7ec45f2942021-12-22 11:46:23.444root 11241100x80000000000000003847569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739b4e67f8ba4872021-12-22 11:46:23.444root 11241100x80000000000000003847570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5166fbcd011c8da2021-12-22 11:46:23.444root 11241100x80000000000000003847571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab269598477a2f962021-12-22 11:46:23.444root 11241100x80000000000000003847572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26091429dd632342021-12-22 11:46:23.444root 11241100x80000000000000003847573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773d034141d3f1b72021-12-22 11:46:23.444root 11241100x80000000000000003847574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0459bf387e3357f32021-12-22 11:46:23.444root 11241100x80000000000000003847575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0de1f046eb04472021-12-22 11:46:23.444root 11241100x80000000000000003847576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9139398e5da99912021-12-22 11:46:23.444root 11241100x80000000000000003847577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b95bbf665843c02021-12-22 11:46:23.444root 11241100x80000000000000003847578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3f6f0aae6edb452021-12-22 11:46:23.445root 11241100x80000000000000003847579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2806fd9174498ffd2021-12-22 11:46:23.445root 11241100x80000000000000003847580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566260c2592bd9c32021-12-22 11:46:23.445root 11241100x80000000000000003847581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f85d1ffd2c7d5bae2021-12-22 11:46:23.445root 11241100x80000000000000003847582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8772acf278392512021-12-22 11:46:23.445root 11241100x80000000000000003847583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e3d951bf34c18582021-12-22 11:46:23.445root 11241100x80000000000000003847584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b8d9c1a7bc43522021-12-22 11:46:23.445root 11241100x80000000000000003847585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaaceabeed697972021-12-22 11:46:23.445root 11241100x80000000000000003847586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4355867007e6df2021-12-22 11:46:23.445root 11241100x80000000000000003847587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b29ca06c3de2eb92021-12-22 11:46:23.445root 11241100x80000000000000003847588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64c35a0bba1c1452021-12-22 11:46:23.446root 11241100x80000000000000003847589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626cce460599625c2021-12-22 11:46:23.446root 11241100x80000000000000003847590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd7db658c22cbd32021-12-22 11:46:23.446root 11241100x80000000000000003847591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5970b30024a070712021-12-22 11:46:23.446root 11241100x80000000000000003847592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f43937af3ddb202021-12-22 11:46:23.446root 11241100x80000000000000003847593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0071b5d438b26ccf2021-12-22 11:46:23.446root 11241100x80000000000000003847594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dba361b2eeabbe62021-12-22 11:46:23.447root 11241100x80000000000000003847595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e9aef2d6fb82252021-12-22 11:46:23.447root 11241100x80000000000000003847596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e87786fa4b82712021-12-22 11:46:23.447root 11241100x80000000000000003847597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334fbc194c0876b52021-12-22 11:46:23.448root 11241100x80000000000000003847598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55886d80333362f32021-12-22 11:46:23.448root 11241100x80000000000000003847599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024f445ec5ec09122021-12-22 11:46:23.448root 11241100x80000000000000003847600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153dee923aa3b2992021-12-22 11:46:23.448root 11241100x80000000000000003847601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8a1a38a13fdb4d2021-12-22 11:46:23.448root 11241100x80000000000000003847602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05b391e0e28040e2021-12-22 11:46:23.448root 11241100x80000000000000003847603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93276167adc829682021-12-22 11:46:23.448root 11241100x80000000000000003847604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e8b57b7da4fed42021-12-22 11:46:23.448root 11241100x80000000000000003847605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d486091edbf562021-12-22 11:46:23.449root 11241100x80000000000000003847606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d35d568ca53149e2021-12-22 11:46:23.449root 11241100x80000000000000003847607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabb2d82262099df2021-12-22 11:46:23.449root 11241100x80000000000000003847608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7c3d7e2be999342021-12-22 11:46:23.449root 11241100x80000000000000003847609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99329c0296825df12021-12-22 11:46:23.449root 11241100x80000000000000003847610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1a263c86cbcfc22021-12-22 11:46:23.449root 11241100x80000000000000003847611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33504684f67e0212021-12-22 11:46:23.450root 11241100x80000000000000003847612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8186bddcd64f34052021-12-22 11:46:23.450root 11241100x80000000000000003847613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa8bf514606fe142021-12-22 11:46:23.451root 11241100x80000000000000003847614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453ba4d5f2763b622021-12-22 11:46:23.451root 11241100x80000000000000003847615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc57ed4462c1e2e2021-12-22 11:46:23.452root 11241100x80000000000000003847616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819f05c9b5d7c1c82021-12-22 11:46:23.452root 11241100x80000000000000003847617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abf8395808c1cb92021-12-22 11:46:23.452root 11241100x80000000000000003847618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985c2312466bd6a72021-12-22 11:46:23.943root 11241100x80000000000000003847619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba0375ab8c79d12021-12-22 11:46:23.943root 11241100x80000000000000003847620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01e885723eff0902021-12-22 11:46:23.943root 11241100x80000000000000003847621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9d9e315e6fdf492021-12-22 11:46:23.943root 11241100x80000000000000003847622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b168ecec378d5942021-12-22 11:46:23.943root 11241100x80000000000000003847623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7190e38fb3c4972021-12-22 11:46:23.943root 11241100x80000000000000003847624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f47564dbedae102021-12-22 11:46:23.943root 11241100x80000000000000003847625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d629570dcd4e0d32021-12-22 11:46:23.944root 11241100x80000000000000003847626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cfc1721cc1f82b2021-12-22 11:46:23.945root 11241100x80000000000000003847627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cc88c5884705252021-12-22 11:46:23.945root 11241100x80000000000000003847628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa0808155daa2de2021-12-22 11:46:23.945root 11241100x80000000000000003847629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80164af6460fa4932021-12-22 11:46:23.945root 11241100x80000000000000003847630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36056c500baef83b2021-12-22 11:46:23.946root 11241100x80000000000000003847631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b548e1b86e946bdc2021-12-22 11:46:23.946root 11241100x80000000000000003847632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90bddf92aff03fef2021-12-22 11:46:23.946root 11241100x80000000000000003847633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5b184c29bd815d2021-12-22 11:46:23.946root 11241100x80000000000000003847634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9d1b2f062d6d982021-12-22 11:46:23.946root 11241100x80000000000000003847635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3100e07fba4b781e2021-12-22 11:46:23.946root 11241100x80000000000000003847636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35227a09c33604622021-12-22 11:46:23.946root 11241100x80000000000000003847637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb97ea4fe706b322021-12-22 11:46:23.946root 11241100x80000000000000003847638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dca0a4acfb3ea22021-12-22 11:46:23.946root 11241100x80000000000000003847639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b608df114ee8e22021-12-22 11:46:23.946root 11241100x80000000000000003847640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c5afda7dd9d5962021-12-22 11:46:23.947root 11241100x80000000000000003847641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc49e10ee9e66122021-12-22 11:46:23.947root 11241100x80000000000000003847642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3f5cb3d378edb2021-12-22 11:46:23.947root 11241100x80000000000000003847643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a375271000298a362021-12-22 11:46:23.947root 11241100x80000000000000003847644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5220a49c892baaa2021-12-22 11:46:23.947root 11241100x80000000000000003847645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc183a8a4ab652532021-12-22 11:46:23.947root 11241100x80000000000000003847646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a21c02740868222021-12-22 11:46:23.947root 11241100x80000000000000003847647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7695aa1968cae352021-12-22 11:46:23.947root 11241100x80000000000000003847648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932c6b897e6cf5172021-12-22 11:46:23.947root 11241100x80000000000000003847649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcfea817479918a2021-12-22 11:46:23.948root 11241100x80000000000000003847650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c2489282c5edda2021-12-22 11:46:23.948root 354300x80000000000000003847651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.055{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55432-false10.0.1.12-8000- 11241100x80000000000000003847652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52373a482e78fd682021-12-22 11:46:24.443root 11241100x80000000000000003847653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32eb9a9e1df2c7af2021-12-22 11:46:24.443root 11241100x80000000000000003847654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39510629cd3dfdfe2021-12-22 11:46:24.444root 11241100x80000000000000003847655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73f4b56f8a56ed02021-12-22 11:46:24.444root 11241100x80000000000000003847656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74e72a4de240d292021-12-22 11:46:24.445root 11241100x80000000000000003847657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f853478532ade652021-12-22 11:46:24.445root 11241100x80000000000000003847658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44202f33c9c71c652021-12-22 11:46:24.445root 11241100x80000000000000003847659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e66553030c8dcce2021-12-22 11:46:24.446root 11241100x80000000000000003847660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15dd5ade0d5d36f32021-12-22 11:46:24.446root 11241100x80000000000000003847661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914bfe71e37a5e9c2021-12-22 11:46:24.446root 11241100x80000000000000003847662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dfabca6b3f01fe2021-12-22 11:46:24.447root 11241100x80000000000000003847663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9603bfae3adcdfdd2021-12-22 11:46:24.447root 11241100x80000000000000003847664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05f3b2ab81671892021-12-22 11:46:24.447root 11241100x80000000000000003847665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e293ee1787605212021-12-22 11:46:24.448root 11241100x80000000000000003847666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e180511adabb54b2021-12-22 11:46:24.448root 11241100x80000000000000003847667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b23dab7d8b71e662021-12-22 11:46:24.448root 11241100x80000000000000003847668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b44676c377d2812021-12-22 11:46:24.448root 11241100x80000000000000003847669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d896348e9c83b32021-12-22 11:46:24.448root 11241100x80000000000000003847670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c3852273521eaf2021-12-22 11:46:24.448root 11241100x80000000000000003847671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74652896c237ed472021-12-22 11:46:24.449root 11241100x80000000000000003847672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c732a882ac914192021-12-22 11:46:24.449root 11241100x80000000000000003847673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc378f8bae30345c2021-12-22 11:46:24.449root 11241100x80000000000000003847674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a50a6971eb9f5ec2021-12-22 11:46:24.449root 11241100x80000000000000003847675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4173af6d3e7456e42021-12-22 11:46:24.449root 11241100x80000000000000003847676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd7d6e2fb09f5c72021-12-22 11:46:24.450root 11241100x80000000000000003847677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4c4aa0499d81562021-12-22 11:46:24.450root 11241100x80000000000000003847678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c1c1a3ca17182a2021-12-22 11:46:24.450root 11241100x80000000000000003847679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c82918daccf12a2021-12-22 11:46:24.450root 11241100x80000000000000003847680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8115ad1cc2bd19bb2021-12-22 11:46:24.450root 11241100x80000000000000003847681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec9549bec6522632021-12-22 11:46:24.450root 11241100x80000000000000003847682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f9ee09e54616c62021-12-22 11:46:24.943root 11241100x80000000000000003847683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cb13a15990fd942021-12-22 11:46:24.943root 11241100x80000000000000003847684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912cca336ff80ef62021-12-22 11:46:24.943root 11241100x80000000000000003847685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97408d7aa2f966632021-12-22 11:46:24.943root 11241100x80000000000000003847686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccc3382dffe98472021-12-22 11:46:24.944root 11241100x80000000000000003847687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a053b8b31add32f2021-12-22 11:46:24.944root 11241100x80000000000000003847688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37407d065d3f99a02021-12-22 11:46:24.944root 11241100x80000000000000003847689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369abd9f8d6fd182021-12-22 11:46:24.944root 11241100x80000000000000003847690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09515b7d3e861af2021-12-22 11:46:24.944root 11241100x80000000000000003847691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28ecf61fa62d4912021-12-22 11:46:24.944root 11241100x80000000000000003847692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a228e010833039cd2021-12-22 11:46:24.944root 11241100x80000000000000003847693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aed49f8d44dbb22021-12-22 11:46:24.944root 11241100x80000000000000003847694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217ec0b32965aa722021-12-22 11:46:24.944root 11241100x80000000000000003847695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33994fabfec647932021-12-22 11:46:24.944root 11241100x80000000000000003847696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653867aa8c730a852021-12-22 11:46:24.945root 11241100x80000000000000003847697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889435847c2615b62021-12-22 11:46:24.945root 11241100x80000000000000003847698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b178a97f8bd51b02021-12-22 11:46:24.945root 11241100x80000000000000003847699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabd807a93586c352021-12-22 11:46:24.945root 11241100x80000000000000003847700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce9e41bc62de582021-12-22 11:46:24.945root 11241100x80000000000000003847701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c39ff8c3e2079802021-12-22 11:46:24.945root 11241100x80000000000000003847702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca38e1fe8442c2ee2021-12-22 11:46:24.946root 11241100x80000000000000003847703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d6290eb9b7e11b2021-12-22 11:46:24.946root 11241100x80000000000000003847704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5ab8780cd8d9ee2021-12-22 11:46:24.946root 11241100x80000000000000003847705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c65ed01aae9d1342021-12-22 11:46:24.946root 11241100x80000000000000003847706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05d6e33e220a98a2021-12-22 11:46:24.946root 11241100x80000000000000003847707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccba7ca67f36f81e2021-12-22 11:46:24.946root 11241100x80000000000000003847708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bf9f8e765fc43c2021-12-22 11:46:24.946root 11241100x80000000000000003847709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775f0bb567e4513f2021-12-22 11:46:24.946root 11241100x80000000000000003847710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0c60cc518f7252021-12-22 11:46:24.946root 11241100x80000000000000003847711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e208487df7d879522021-12-22 11:46:24.947root 11241100x80000000000000003847712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb730c232a1d05b32021-12-22 11:46:24.947root 11241100x80000000000000003847713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7e56af7b2c3f8a2021-12-22 11:46:24.947root 11241100x80000000000000003847714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c0bec50bb336b92021-12-22 11:46:25.443root 11241100x80000000000000003847715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b2f069502986892021-12-22 11:46:25.443root 11241100x80000000000000003847716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee15625a55b0c702021-12-22 11:46:25.443root 11241100x80000000000000003847717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1898715b7507260e2021-12-22 11:46:25.443root 11241100x80000000000000003847718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cd20e25453a3c72021-12-22 11:46:25.443root 11241100x80000000000000003847719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b33c32e603d88a2021-12-22 11:46:25.443root 11241100x80000000000000003847720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc03c8c18c31d7f2021-12-22 11:46:25.444root 11241100x80000000000000003847721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed9f5d98b6082932021-12-22 11:46:25.444root 11241100x80000000000000003847722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939a621f573364ae2021-12-22 11:46:25.444root 11241100x80000000000000003847723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d73bcba38b0aba2021-12-22 11:46:25.444root 11241100x80000000000000003847724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8a181bf1f5fa662021-12-22 11:46:25.444root 11241100x80000000000000003847725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dbb591f0f7e41d2021-12-22 11:46:25.444root 11241100x80000000000000003847726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7642dde4bdb1516a2021-12-22 11:46:25.444root 11241100x80000000000000003847727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fac8c98f0b7664b2021-12-22 11:46:25.444root 11241100x80000000000000003847728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84809b3fac5aa04b2021-12-22 11:46:25.444root 11241100x80000000000000003847729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d575984180bc082021-12-22 11:46:25.444root 11241100x80000000000000003847730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65df511d6845c9822021-12-22 11:46:25.445root 11241100x80000000000000003847731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252f815e44413ed12021-12-22 11:46:25.445root 11241100x80000000000000003847732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b376d52a496fc4f22021-12-22 11:46:25.445root 11241100x80000000000000003847733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742ddae7151c53d02021-12-22 11:46:25.445root 11241100x80000000000000003847734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d7bb664a2991ee2021-12-22 11:46:25.445root 11241100x80000000000000003847735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f28a93358d0fde2021-12-22 11:46:25.445root 11241100x80000000000000003847736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bac2b85a89af42021-12-22 11:46:25.445root 11241100x80000000000000003847737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecc9d8ba32588662021-12-22 11:46:25.446root 11241100x80000000000000003847738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81571715547b8782021-12-22 11:46:25.446root 11241100x80000000000000003847739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ba813e91064fce2021-12-22 11:46:25.446root 11241100x80000000000000003847740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d165dbd6b33cdc2021-12-22 11:46:25.446root 11241100x80000000000000003847741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b5db4389724f272021-12-22 11:46:25.446root 11241100x80000000000000003847742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833ea1c15fd889c22021-12-22 11:46:25.446root 11241100x80000000000000003847743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a58b67e79182222021-12-22 11:46:25.446root 11241100x80000000000000003847744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92fce204e1e9c4602021-12-22 11:46:25.446root 11241100x80000000000000003847745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726755787bcefad12021-12-22 11:46:25.446root 11241100x80000000000000003847746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b8c1d90c8c25dd2021-12-22 11:46:25.446root 11241100x80000000000000003847747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78f8707deecee4d2021-12-22 11:46:25.943root 11241100x80000000000000003847748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d33e258de7ee4b72021-12-22 11:46:25.943root 11241100x80000000000000003847749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af631110aa24006f2021-12-22 11:46:25.943root 11241100x80000000000000003847750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa61dbfa983342e2021-12-22 11:46:25.943root 11241100x80000000000000003847751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505abb81beb692352021-12-22 11:46:25.943root 11241100x80000000000000003847752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb65c86f12accd82021-12-22 11:46:25.943root 11241100x80000000000000003847753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e35c4ee9f198c42021-12-22 11:46:25.943root 11241100x80000000000000003847754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cdc3e0df2524302021-12-22 11:46:25.943root 11241100x80000000000000003847755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b597ee4d329e41b2021-12-22 11:46:25.943root 11241100x80000000000000003847756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dde3eb0b7dacf72021-12-22 11:46:25.943root 11241100x80000000000000003847757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd7c35a7b4e7d4e2021-12-22 11:46:25.944root 11241100x80000000000000003847758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2ada3ebf8f4c9f2021-12-22 11:46:25.944root 11241100x80000000000000003847759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d89b61003067742021-12-22 11:46:25.944root 11241100x80000000000000003847760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c53270be048d0db2021-12-22 11:46:25.944root 11241100x80000000000000003847761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc91bc5a0f90472021-12-22 11:46:25.944root 11241100x80000000000000003847762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.286572c12d3ac6fd2021-12-22 11:46:25.944root 11241100x80000000000000003847763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bfdbdbc2bf0f0b2021-12-22 11:46:25.944root 11241100x80000000000000003847764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9709bde69cf0cf42021-12-22 11:46:25.944root 11241100x80000000000000003847765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de94d9d3bc141f02021-12-22 11:46:25.944root 11241100x80000000000000003847766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c436b41ebdb140722021-12-22 11:46:25.945root 11241100x80000000000000003847767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28148692a2bfcdf82021-12-22 11:46:25.945root 11241100x80000000000000003847768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d03186a89c46ae2021-12-22 11:46:25.945root 11241100x80000000000000003847769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435053bbfcd81bd12021-12-22 11:46:25.945root 11241100x80000000000000003847770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2a51c626c2b80c2021-12-22 11:46:25.945root 11241100x80000000000000003847771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5edace4515dce8a2021-12-22 11:46:25.945root 11241100x80000000000000003847772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e681b364d2c95332021-12-22 11:46:25.945root 11241100x80000000000000003847773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b0cada7b6a0b302021-12-22 11:46:25.945root 11241100x80000000000000003847774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e8f30eb4dfcd8152021-12-22 11:46:25.945root 11241100x80000000000000003847775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7bc38825c1a9802021-12-22 11:46:25.945root 11241100x80000000000000003847776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca6658269390c412021-12-22 11:46:25.946root 11241100x80000000000000003847777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d4bb8d157fdd8b2021-12-22 11:46:25.946root 11241100x80000000000000003847778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c2846f302012702021-12-22 11:46:25.946root 11241100x80000000000000003847779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea58a8c54eb1fd92021-12-22 11:46:25.946root 11241100x80000000000000003847780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b5a755ef381ab42021-12-22 11:46:25.946root 11241100x80000000000000003847781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0389278125f23e92021-12-22 11:46:25.946root 11241100x80000000000000003847782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a9737c56385c392021-12-22 11:46:25.946root 11241100x80000000000000003847783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f253cf15dc134d82021-12-22 11:46:26.443root 11241100x80000000000000003847784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e9806869e97aa72021-12-22 11:46:26.443root 11241100x80000000000000003847785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8998d7086fb2b34a2021-12-22 11:46:26.443root 11241100x80000000000000003847786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ed406ce6468f032021-12-22 11:46:26.443root 11241100x80000000000000003847787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b79a833abea5032021-12-22 11:46:26.443root 11241100x80000000000000003847788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5a04bc804c3c4d2021-12-22 11:46:26.443root 11241100x80000000000000003847789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae9b35026b0b0352021-12-22 11:46:26.444root 11241100x80000000000000003847790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301a3e5c900921032021-12-22 11:46:26.444root 11241100x80000000000000003847791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572d861a77f2d0f22021-12-22 11:46:26.444root 11241100x80000000000000003847792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779bafe79f8976602021-12-22 11:46:26.444root 11241100x80000000000000003847793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f6e02153c27d1d2021-12-22 11:46:26.445root 11241100x80000000000000003847794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dce6a679793b882021-12-22 11:46:26.445root 11241100x80000000000000003847795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf653e131c2fca52021-12-22 11:46:26.445root 11241100x80000000000000003847796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b0ff0d085d4d252021-12-22 11:46:26.445root 11241100x80000000000000003847797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6c3b31ec0ccccf2021-12-22 11:46:26.445root 11241100x80000000000000003847798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e22bbea644911392021-12-22 11:46:26.446root 11241100x80000000000000003847799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec84cdc8546870aa2021-12-22 11:46:26.446root 11241100x80000000000000003847800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4668368d063559a42021-12-22 11:46:26.446root 11241100x80000000000000003847801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473ae10c8c637f012021-12-22 11:46:26.446root 11241100x80000000000000003847802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c46f094fe4fd42021-12-22 11:46:26.446root 11241100x80000000000000003847803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbedc67975afdda62021-12-22 11:46:26.446root 11241100x80000000000000003847804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d34a6ad10243e472021-12-22 11:46:26.447root 11241100x80000000000000003847805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91348127eb2be8842021-12-22 11:46:26.447root 11241100x80000000000000003847806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c3f8064876a9ac2021-12-22 11:46:26.447root 11241100x80000000000000003847807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b18ea2be52783bc2021-12-22 11:46:26.447root 11241100x80000000000000003847808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86153d26cb521862021-12-22 11:46:26.447root 11241100x80000000000000003847809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dae6d1bd1d50592021-12-22 11:46:26.447root 11241100x80000000000000003847810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ff6a9c103e69882021-12-22 11:46:26.447root 11241100x80000000000000003847811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df82f266a0e0d3112021-12-22 11:46:26.447root 11241100x80000000000000003847812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2180414b4ce38b2021-12-22 11:46:26.447root 11241100x80000000000000003847813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9435e669347ddb362021-12-22 11:46:26.448root 11241100x80000000000000003847814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2bc97e45e83e5e2021-12-22 11:46:26.448root 11241100x80000000000000003847815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543fb8dc514d6a522021-12-22 11:46:26.448root 11241100x80000000000000003847816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a79806e6e14b8222021-12-22 11:46:26.448root 11241100x80000000000000003847817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbf13b60ef1098d2021-12-22 11:46:26.448root 11241100x80000000000000003847818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcd52489b144e632021-12-22 11:46:26.943root 11241100x80000000000000003847819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0defa9022fbf9ee2021-12-22 11:46:26.943root 11241100x80000000000000003847820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5306c4952079bca2021-12-22 11:46:26.943root 11241100x80000000000000003847821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcb143861cabe5d2021-12-22 11:46:26.943root 11241100x80000000000000003847822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f8448a3c3b022c2021-12-22 11:46:26.944root 11241100x80000000000000003847823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac310a98ef40926c2021-12-22 11:46:26.944root 11241100x80000000000000003847824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7595b08afa2506ea2021-12-22 11:46:26.944root 11241100x80000000000000003847825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780c9b7a6df729832021-12-22 11:46:26.944root 11241100x80000000000000003847826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c886d1daf3b41aa62021-12-22 11:46:26.944root 11241100x80000000000000003847827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394040be164ddc222021-12-22 11:46:26.944root 11241100x80000000000000003847828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7af3309c9cc8b52021-12-22 11:46:26.944root 11241100x80000000000000003847829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc43d6e4816c31702021-12-22 11:46:26.944root 11241100x80000000000000003847830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29da6899fcd82182021-12-22 11:46:26.945root 11241100x80000000000000003847831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3d6cf75d9074812021-12-22 11:46:26.945root 11241100x80000000000000003847832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5d17e53d8a0c062021-12-22 11:46:26.945root 11241100x80000000000000003847833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392d38dd025466982021-12-22 11:46:26.945root 11241100x80000000000000003847834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee821ae54c406fad2021-12-22 11:46:26.945root 11241100x80000000000000003847835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a4915c906d07232021-12-22 11:46:26.945root 11241100x80000000000000003847836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211ed16dd9862c872021-12-22 11:46:26.945root 11241100x80000000000000003847837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b993b055a4104bc62021-12-22 11:46:26.946root 11241100x80000000000000003847838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c2929ae5dbbc062021-12-22 11:46:26.946root 11241100x80000000000000003847839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55746dbb73a6f2d22021-12-22 11:46:26.946root 11241100x80000000000000003847840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3c4868b1067d292021-12-22 11:46:26.946root 11241100x80000000000000003847841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bcea930fc2ea242021-12-22 11:46:26.946root 11241100x80000000000000003847842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4481aeb8415cccd22021-12-22 11:46:26.946root 11241100x80000000000000003847843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953864dbd64834572021-12-22 11:46:26.947root 11241100x80000000000000003847844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c5923ccd7a3112021-12-22 11:46:26.947root 11241100x80000000000000003847845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4faa3b6f79645112021-12-22 11:46:26.947root 11241100x80000000000000003847846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3eea2cf42fe100c2021-12-22 11:46:26.947root 11241100x80000000000000003847847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee9119a8934ff902021-12-22 11:46:27.443root 11241100x80000000000000003847848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da2726a690377fb2021-12-22 11:46:27.443root 11241100x80000000000000003847849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a66cf2653a605d2021-12-22 11:46:27.443root 11241100x80000000000000003847850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae2e4dc0071981d2021-12-22 11:46:27.443root 11241100x80000000000000003847851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69c9dffc02461ea2021-12-22 11:46:27.443root 11241100x80000000000000003847852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59668e4f61ff2add2021-12-22 11:46:27.443root 11241100x80000000000000003847853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ab8904fa69e2f52021-12-22 11:46:27.443root 11241100x80000000000000003847854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f48c9e9adcc4f32021-12-22 11:46:27.443root 11241100x80000000000000003847855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adca911909df7c632021-12-22 11:46:27.443root 11241100x80000000000000003847856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c93ee241f76c12021-12-22 11:46:27.444root 11241100x80000000000000003847857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615b9e0f350103172021-12-22 11:46:27.444root 11241100x80000000000000003847858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af134a56a701947e2021-12-22 11:46:27.444root 11241100x80000000000000003847859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1354be0fc7aaa322021-12-22 11:46:27.444root 11241100x80000000000000003847860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e21d2a7773e1ee92021-12-22 11:46:27.444root 11241100x80000000000000003847861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420c95e02365dac42021-12-22 11:46:27.444root 11241100x80000000000000003847862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1909a0d48761bb2021-12-22 11:46:27.444root 11241100x80000000000000003847863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bab9c4d68070f5c2021-12-22 11:46:27.444root 11241100x80000000000000003847864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4f5951e35cef8e2021-12-22 11:46:27.444root 11241100x80000000000000003847865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c5a874571d5f712021-12-22 11:46:27.444root 11241100x80000000000000003847866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a144f589e93b06b92021-12-22 11:46:27.445root 11241100x80000000000000003847867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253bbbf37f73c03c2021-12-22 11:46:27.445root 11241100x80000000000000003847868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a978e1aaf01077542021-12-22 11:46:27.445root 11241100x80000000000000003847869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c166441f3bdf2a2021-12-22 11:46:27.445root 11241100x80000000000000003847870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bdc6b4f1f69bf62021-12-22 11:46:27.445root 11241100x80000000000000003847871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16191e569f6e73e2021-12-22 11:46:27.445root 11241100x80000000000000003847872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1d50d57f9d51d72021-12-22 11:46:27.445root 11241100x80000000000000003847873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee6f2ffc516e4992021-12-22 11:46:27.445root 11241100x80000000000000003847874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bc3f9c53ae7cd42021-12-22 11:46:27.445root 11241100x80000000000000003847875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2e58323ebe211b2021-12-22 11:46:27.445root 11241100x80000000000000003847876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a34451db88ef452021-12-22 11:46:27.446root 11241100x80000000000000003847877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b08151ada80cca42021-12-22 11:46:27.446root 11241100x80000000000000003847878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1101c536a3d6b5fd2021-12-22 11:46:27.446root 11241100x80000000000000003847879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95e2a47d8ed29752021-12-22 11:46:27.446root 11241100x80000000000000003847880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b6d235b1a30bbd2021-12-22 11:46:27.446root 11241100x80000000000000003847881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390ef02e820cbf132021-12-22 11:46:27.943root 11241100x80000000000000003847882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261a5d3dfee96602021-12-22 11:46:27.943root 11241100x80000000000000003847883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f941aaf4baf69c12021-12-22 11:46:27.943root 11241100x80000000000000003847884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7828a8cc93a1792021-12-22 11:46:27.943root 11241100x80000000000000003847885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527d83d129f570072021-12-22 11:46:27.943root 11241100x80000000000000003847886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d126b5c324dd00512021-12-22 11:46:27.943root 11241100x80000000000000003847887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0843e0389c8b352021-12-22 11:46:27.943root 11241100x80000000000000003847888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ec740cd112fac2021-12-22 11:46:27.944root 11241100x80000000000000003847889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6706fc630a11dd462021-12-22 11:46:27.944root 11241100x80000000000000003847890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3b5dd251e46a602021-12-22 11:46:27.944root 11241100x80000000000000003847891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ec5809fb5fa9c92021-12-22 11:46:27.944root 11241100x80000000000000003847892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438ac1ff3c2934f42021-12-22 11:46:27.944root 11241100x80000000000000003847893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f08b9018a3cab872021-12-22 11:46:27.944root 11241100x80000000000000003847894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2912f1dd714dff2b2021-12-22 11:46:27.944root 11241100x80000000000000003847895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03f13bd39be086a2021-12-22 11:46:27.944root 11241100x80000000000000003847896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69dc61a0ac472f22021-12-22 11:46:27.945root 11241100x80000000000000003847897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200118b0a5ba4f02021-12-22 11:46:27.945root 11241100x80000000000000003847898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc84ae2b2e900102021-12-22 11:46:27.945root 11241100x80000000000000003847899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5ab6ea9c4f36632021-12-22 11:46:27.945root 11241100x80000000000000003847900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b286c4f7fc95d02021-12-22 11:46:27.945root 11241100x80000000000000003847901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11a153e8942a4e22021-12-22 11:46:27.945root 11241100x80000000000000003847902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62160a0107807fb2021-12-22 11:46:27.945root 11241100x80000000000000003847903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9e910b48fc7de32021-12-22 11:46:27.945root 11241100x80000000000000003847904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1642d5ab3f3b4e7e2021-12-22 11:46:27.945root 11241100x80000000000000003847905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4dfde1c20884682021-12-22 11:46:27.946root 11241100x80000000000000003847906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9888e485f5821fbd2021-12-22 11:46:27.946root 11241100x80000000000000003847907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1de0ce9e4b18d02021-12-22 11:46:27.946root 11241100x80000000000000003847908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1382a1f267bd3d992021-12-22 11:46:27.946root 11241100x80000000000000003847909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc99d9211c407a202021-12-22 11:46:27.946root 11241100x80000000000000003847910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faca7e1180c4b62c2021-12-22 11:46:27.946root 11241100x80000000000000003847911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b44ad2ff3e5098a2021-12-22 11:46:27.946root 11241100x80000000000000003847912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989125a6f12b136d2021-12-22 11:46:27.946root 11241100x80000000000000003847913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdf236e20187bd92021-12-22 11:46:27.946root 11241100x80000000000000003847914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bb0089e63a8a242021-12-22 11:46:28.443root 11241100x80000000000000003847915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0dae79eeafacdb2021-12-22 11:46:28.443root 11241100x80000000000000003847916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f189b70d7eef99992021-12-22 11:46:28.443root 11241100x80000000000000003847917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0706fcb32edb572021-12-22 11:46:28.443root 11241100x80000000000000003847918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eea734df53d5b22021-12-22 11:46:28.444root 11241100x80000000000000003847919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b76db11796fbb182021-12-22 11:46:28.444root 11241100x80000000000000003847920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317dcddd50c4cdfc2021-12-22 11:46:28.444root 11241100x80000000000000003847921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcd287b5224e6c92021-12-22 11:46:28.444root 11241100x80000000000000003847922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e397c01b46a5af2021-12-22 11:46:28.444root 11241100x80000000000000003847923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb7e959d3a881cd2021-12-22 11:46:28.444root 11241100x80000000000000003847924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4c011bef76857d2021-12-22 11:46:28.444root 11241100x80000000000000003847925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415adaaf7bab8d9e2021-12-22 11:46:28.444root 11241100x80000000000000003847926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce1ea88c23e74c72021-12-22 11:46:28.444root 11241100x80000000000000003847927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b20c557002b54d2021-12-22 11:46:28.444root 11241100x80000000000000003847928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e30097fa793de402021-12-22 11:46:28.444root 11241100x80000000000000003847929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6e243f8bd0f8812021-12-22 11:46:28.444root 11241100x80000000000000003847930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864b00a725ec32872021-12-22 11:46:28.444root 11241100x80000000000000003847931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e09022c9157ada92021-12-22 11:46:28.445root 11241100x80000000000000003847932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca0b6a544d2288b2021-12-22 11:46:28.445root 11241100x80000000000000003847933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fc3ab79275d8d82021-12-22 11:46:28.445root 11241100x80000000000000003847934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7998488e66c311fd2021-12-22 11:46:28.445root 11241100x80000000000000003847935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd0a267c546bb792021-12-22 11:46:28.445root 11241100x80000000000000003847936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426a9090fe38cc052021-12-22 11:46:28.445root 11241100x80000000000000003847937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f855b8d7e74a842021-12-22 11:46:28.445root 11241100x80000000000000003847938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a090ba83cae93db62021-12-22 11:46:28.445root 11241100x80000000000000003847939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01445f7ec7d76c82021-12-22 11:46:28.445root 11241100x80000000000000003847940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c306862dbec749122021-12-22 11:46:28.445root 11241100x80000000000000003847941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bdd4d877527eea2021-12-22 11:46:28.446root 11241100x80000000000000003847942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d20f288a1ada8a2021-12-22 11:46:28.446root 11241100x80000000000000003847943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a6c25c9a32865b2021-12-22 11:46:28.446root 11241100x80000000000000003847944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ccc5f734a63e712021-12-22 11:46:28.942root 11241100x80000000000000003847945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b368a8b3d247de862021-12-22 11:46:28.943root 11241100x80000000000000003847946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824de984991a87de2021-12-22 11:46:28.943root 11241100x80000000000000003847947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0a5dfe82d674692021-12-22 11:46:28.943root 11241100x80000000000000003847948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a9fe70ff56b6bf2021-12-22 11:46:28.943root 11241100x80000000000000003847949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d654d497a6e875a72021-12-22 11:46:28.943root 11241100x80000000000000003847950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67351741924d1d312021-12-22 11:46:28.943root 11241100x80000000000000003847951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d923652ab5a91232021-12-22 11:46:28.943root 11241100x80000000000000003847952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc512312f7b9369f2021-12-22 11:46:28.943root 11241100x80000000000000003847953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45745b1291fa9ceb2021-12-22 11:46:28.944root 11241100x80000000000000003847954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11a0df1097d8e982021-12-22 11:46:28.944root 11241100x80000000000000003847955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949778c0c0236b962021-12-22 11:46:28.944root 11241100x80000000000000003847956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de906f121500d7652021-12-22 11:46:28.944root 11241100x80000000000000003847957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6247e3e993f788692021-12-22 11:46:28.944root 11241100x80000000000000003847958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782a9591f70a16a12021-12-22 11:46:28.944root 11241100x80000000000000003847959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd30ee17f83f452021-12-22 11:46:28.944root 11241100x80000000000000003847960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2af8949bc8fe8962021-12-22 11:46:28.944root 11241100x80000000000000003847961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8f6b066f25c0c12021-12-22 11:46:28.944root 11241100x80000000000000003847962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e72ece94e5c94fb2021-12-22 11:46:28.944root 11241100x80000000000000003847963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f164e54083055e382021-12-22 11:46:28.944root 11241100x80000000000000003847964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c10491c521d1012021-12-22 11:46:28.945root 11241100x80000000000000003847965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e760b4652e5cbbb2021-12-22 11:46:28.945root 11241100x80000000000000003847966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed3c5a78d3d4b9a2021-12-22 11:46:28.945root 11241100x80000000000000003847967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5341ccfd13ad0452021-12-22 11:46:28.945root 11241100x80000000000000003847968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdfa637a0598b0e2021-12-22 11:46:28.945root 11241100x80000000000000003847969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c9ade7b82311cb2021-12-22 11:46:28.945root 11241100x80000000000000003847970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460bfb9e49b8beb92021-12-22 11:46:28.945root 11241100x80000000000000003847971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8285fed43d9fe582021-12-22 11:46:28.945root 11241100x80000000000000003847972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80774ddce5503bc62021-12-22 11:46:28.945root 11241100x80000000000000003847973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977c8d49945cd2f42021-12-22 11:46:28.945root 11241100x80000000000000003847974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7022ecae72ab49952021-12-22 11:46:28.946root 11241100x80000000000000003847975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfe69facccd29272021-12-22 11:46:28.946root 354300x80000000000000003847976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.142{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55434-false10.0.1.12-8000- 11241100x80000000000000003847977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6244920d2c570e2021-12-22 11:46:29.443root 11241100x80000000000000003847978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9440b6240a63832021-12-22 11:46:29.443root 11241100x80000000000000003847979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040e133667d6da042021-12-22 11:46:29.443root 11241100x80000000000000003847980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d768dbb3de173132021-12-22 11:46:29.444root 11241100x80000000000000003847981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f143db1768bd712021-12-22 11:46:29.444root 11241100x80000000000000003847982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d833cbc9b796622021-12-22 11:46:29.444root 11241100x80000000000000003847983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a30af959db13a82021-12-22 11:46:29.444root 11241100x80000000000000003847984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97dbadeabef619f2021-12-22 11:46:29.444root 11241100x80000000000000003847985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a8f8c401e581b92021-12-22 11:46:29.444root 11241100x80000000000000003847986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703a406c02fa768a2021-12-22 11:46:29.444root 11241100x80000000000000003847987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22131b5ec691ebf2021-12-22 11:46:29.444root 11241100x80000000000000003847988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040152426e94fd642021-12-22 11:46:29.444root 11241100x80000000000000003847989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c35dbca46018ee2021-12-22 11:46:29.445root 11241100x80000000000000003847990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deabb5f174b28d8c2021-12-22 11:46:29.445root 11241100x80000000000000003847991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc3b1c563357f172021-12-22 11:46:29.445root 11241100x80000000000000003847992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3182fa75784b04032021-12-22 11:46:29.445root 11241100x80000000000000003847993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dcacb1f3d01359b2021-12-22 11:46:29.445root 11241100x80000000000000003847994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f5473dc57a4cf02021-12-22 11:46:29.445root 11241100x80000000000000003847995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a107c9db441ada3a2021-12-22 11:46:29.445root 11241100x80000000000000003847996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ed5d2133b77bc72021-12-22 11:46:29.445root 11241100x80000000000000003847997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b97aceedf5279152021-12-22 11:46:29.446root 11241100x80000000000000003847998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b40ec610f40a6ab2021-12-22 11:46:29.446root 11241100x80000000000000003847999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8c6d06f171918a2021-12-22 11:46:29.446root 11241100x80000000000000003848000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19531c98cb7f8b302021-12-22 11:46:29.446root 11241100x80000000000000003848001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16b6c9eb2c0a5e62021-12-22 11:46:29.446root 11241100x80000000000000003848002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e62ff7677b4188b2021-12-22 11:46:29.446root 11241100x80000000000000003848003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07426be7d0ace8962021-12-22 11:46:29.446root 11241100x80000000000000003848004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb894e32475bd0a2021-12-22 11:46:29.447root 11241100x80000000000000003848005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667ae6d928ce66c32021-12-22 11:46:29.447root 11241100x80000000000000003848006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f01227d54d9b71c2021-12-22 11:46:29.447root 11241100x80000000000000003848007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bbeaf103c8e76e2021-12-22 11:46:29.942root 11241100x80000000000000003848008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce5f07f6765b0432021-12-22 11:46:29.943root 11241100x80000000000000003848009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73eb53758ad0b882021-12-22 11:46:29.943root 11241100x80000000000000003848010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e1168105914ec12021-12-22 11:46:29.943root 11241100x80000000000000003848011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feec4a720a0f15202021-12-22 11:46:29.943root 11241100x80000000000000003848012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb48aa4222107f952021-12-22 11:46:29.943root 11241100x80000000000000003848013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70afe23e2b8bef3f2021-12-22 11:46:29.943root 11241100x80000000000000003848014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06621628265cde92021-12-22 11:46:29.943root 11241100x80000000000000003848015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66842ab93613b67f2021-12-22 11:46:29.944root 11241100x80000000000000003848016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ecb68937186ac12021-12-22 11:46:29.944root 11241100x80000000000000003848017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7f511982eb4d5c2021-12-22 11:46:29.944root 11241100x80000000000000003848018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4e09428ca2bb4b2021-12-22 11:46:29.944root 11241100x80000000000000003848019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc61ad34a92ebb82021-12-22 11:46:29.945root 11241100x80000000000000003848020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8290572a31971532021-12-22 11:46:29.945root 11241100x80000000000000003848021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1c1105ba56f0292021-12-22 11:46:29.945root 11241100x80000000000000003848022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd008fb6dba3b992021-12-22 11:46:29.945root 11241100x80000000000000003848023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa602c56b9a4b4642021-12-22 11:46:29.946root 11241100x80000000000000003848024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fc3eb3b15083f2021-12-22 11:46:29.946root 11241100x80000000000000003848025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b812aab09c556fec2021-12-22 11:46:29.946root 11241100x80000000000000003848026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235bb43a8ea117a42021-12-22 11:46:29.946root 11241100x80000000000000003848027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a3573e12db0cb42021-12-22 11:46:29.947root 11241100x80000000000000003848028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b338b4dc3c16216c2021-12-22 11:46:29.947root 11241100x80000000000000003848029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278e4b101aa1ec4e2021-12-22 11:46:29.947root 11241100x80000000000000003848030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aba7e486fa6fd612021-12-22 11:46:29.947root 11241100x80000000000000003848031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51d0bcd8c868a852021-12-22 11:46:29.947root 11241100x80000000000000003848032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee30430195f594502021-12-22 11:46:29.947root 11241100x80000000000000003848033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c7e39bf6ac32a772021-12-22 11:46:29.947root 11241100x80000000000000003848034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9860c3f88f5e142021-12-22 11:46:29.948root 11241100x80000000000000003848035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42444173151d989a2021-12-22 11:46:29.948root 11241100x80000000000000003848036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4d40b7e5e607552021-12-22 11:46:29.948root 11241100x80000000000000003848037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570bd57368d2142e2021-12-22 11:46:29.948root 11241100x80000000000000003848038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4285cbb01b3d262021-12-22 11:46:29.948root 11241100x80000000000000003848039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0865497a6ccc2a662021-12-22 11:46:29.948root 11241100x80000000000000003848040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ecb6b03b7a07bc2021-12-22 11:46:29.948root 11241100x80000000000000003848041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3acb022284d30e2021-12-22 11:46:29.948root 11241100x80000000000000003848042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4540fbfb9c7146e2021-12-22 11:46:29.948root 11241100x80000000000000003848043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2089472f126e36e2021-12-22 11:46:29.949root 11241100x80000000000000003848044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f4fbbf814094662021-12-22 11:46:29.949root 11241100x80000000000000003848045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c920db4dd50ca2652021-12-22 11:46:30.443root 11241100x80000000000000003848046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a4a37751724e8d2021-12-22 11:46:30.443root 11241100x80000000000000003848047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db6164cda1065fb2021-12-22 11:46:30.443root 11241100x80000000000000003848048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc5431398a3a4942021-12-22 11:46:30.443root 11241100x80000000000000003848049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472b8a80445bc63c2021-12-22 11:46:30.443root 11241100x80000000000000003848050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e226bacc7147482021-12-22 11:46:30.443root 11241100x80000000000000003848051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f1fa3a24b5a1ab2021-12-22 11:46:30.443root 11241100x80000000000000003848052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b68ad6533a0512021-12-22 11:46:30.444root 11241100x80000000000000003848053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d55a609349142f2021-12-22 11:46:30.444root 11241100x80000000000000003848054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab34037548f67c7a2021-12-22 11:46:30.444root 11241100x80000000000000003848055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3936e27746b746d72021-12-22 11:46:30.444root 11241100x80000000000000003848056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee543fe536e181c2021-12-22 11:46:30.444root 11241100x80000000000000003848057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538f1aa2df3c7cff2021-12-22 11:46:30.444root 11241100x80000000000000003848058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050e5f4d0eab8ad82021-12-22 11:46:30.444root 11241100x80000000000000003848059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefd963102af701f2021-12-22 11:46:30.444root 11241100x80000000000000003848060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd385bbc4b4fe68e2021-12-22 11:46:30.444root 11241100x80000000000000003848061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea91b12aba333f292021-12-22 11:46:30.444root 11241100x80000000000000003848062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a942e39e330bee982021-12-22 11:46:30.445root 11241100x80000000000000003848063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c304bb6543e7eb2021-12-22 11:46:30.445root 11241100x80000000000000003848064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa38af525c0bdfd2021-12-22 11:46:30.445root 11241100x80000000000000003848065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2a4f5a42bf6a8d2021-12-22 11:46:30.445root 11241100x80000000000000003848066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e263a271a2b9eb2021-12-22 11:46:30.445root 11241100x80000000000000003848067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297abaca02af1fd12021-12-22 11:46:30.445root 11241100x80000000000000003848068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07b0fa126fb12ff2021-12-22 11:46:30.445root 11241100x80000000000000003848069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8142becf43cbb5c2021-12-22 11:46:30.445root 11241100x80000000000000003848070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d61a7d94475df172021-12-22 11:46:30.447root 11241100x80000000000000003848071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4cc22d32aa36a32021-12-22 11:46:30.447root 11241100x80000000000000003848072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7135c8fe21f013a2021-12-22 11:46:30.447root 11241100x80000000000000003848073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee922b68d0f166bf2021-12-22 11:46:30.448root 11241100x80000000000000003848074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd254113ceab0b882021-12-22 11:46:30.448root 11241100x80000000000000003848075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6443f0db3d3783af2021-12-22 11:46:30.448root 11241100x80000000000000003848076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400c8077d943e65f2021-12-22 11:46:30.448root 11241100x80000000000000003848077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31cd9305a30e7922021-12-22 11:46:30.448root 11241100x80000000000000003848078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5135db713800aeb2021-12-22 11:46:30.448root 154100x80000000000000003848079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.596{ec2b6afe-1016-61c3-6834-c550f1550000}19056/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x80000000000000003848080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.606{ec2b6afe-1016-61c3-6834-c550f1550000}19056/bin/psroot 11241100x80000000000000003848081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2dee3f2228628382021-12-22 11:46:30.943root 11241100x80000000000000003848082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd0c8c295aae4672021-12-22 11:46:30.943root 11241100x80000000000000003848083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bc9268fe1546b02021-12-22 11:46:30.943root 11241100x80000000000000003848084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f541f5f2f1b9f52021-12-22 11:46:30.943root 11241100x80000000000000003848085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d422cbfd2cc47c292021-12-22 11:46:30.943root 11241100x80000000000000003848086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7d2d5ae78d1e7a2021-12-22 11:46:30.943root 11241100x80000000000000003848087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985a2a7312bd4e02021-12-22 11:46:30.943root 11241100x80000000000000003848088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111e8b85541333a12021-12-22 11:46:30.944root 11241100x80000000000000003848089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb596e60c89123f52021-12-22 11:46:30.944root 11241100x80000000000000003848090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a3d9ede21606e2021-12-22 11:46:30.944root 11241100x80000000000000003848091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191af02233c09c0c2021-12-22 11:46:30.944root 11241100x80000000000000003848092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb34aa107e500792021-12-22 11:46:30.944root 11241100x80000000000000003848093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce356b94cd12f23d2021-12-22 11:46:30.944root 11241100x80000000000000003848094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6081c6d65bb75be82021-12-22 11:46:30.944root 11241100x80000000000000003848095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1c6c30d5f10b622021-12-22 11:46:30.944root 11241100x80000000000000003848096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d450c524826b223f2021-12-22 11:46:30.944root 11241100x80000000000000003848097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c58e51ff04044b2021-12-22 11:46:30.944root 11241100x80000000000000003848098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3f5be79d36e2ed2021-12-22 11:46:30.945root 11241100x80000000000000003848099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eb2e69a134115f2021-12-22 11:46:30.945root 11241100x80000000000000003848100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f795718f85baecd2021-12-22 11:46:30.945root 11241100x80000000000000003848101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43ee1692162926e2021-12-22 11:46:30.945root 11241100x80000000000000003848102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fdc5a781320c422021-12-22 11:46:30.945root 11241100x80000000000000003848103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6fbd51c585b6292021-12-22 11:46:30.945root 11241100x80000000000000003848104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043212c4a656f7442021-12-22 11:46:30.945root 11241100x80000000000000003848105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2dfb4775dfd56e2021-12-22 11:46:30.945root 11241100x80000000000000003848106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3552695c68b876252021-12-22 11:46:30.945root 11241100x80000000000000003848107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b72f826a7ecf7d72021-12-22 11:46:30.945root 11241100x80000000000000003848108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eae160ea051f5462021-12-22 11:46:30.946root 11241100x80000000000000003848109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b69dd28d4daa5312021-12-22 11:46:30.946root 11241100x80000000000000003848110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa12a30e9a75dd02021-12-22 11:46:30.946root 11241100x80000000000000003848111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43198b3d21c8d612021-12-22 11:46:30.946root 11241100x80000000000000003848112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d097f4ca93ac1eb12021-12-22 11:46:30.946root 11241100x80000000000000003848113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8ded43188301232021-12-22 11:46:30.946root 11241100x80000000000000003848114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6a06d51b2420ed2021-12-22 11:46:30.946root 11241100x80000000000000003848115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da510fff9a34f54b2021-12-22 11:46:30.946root 11241100x80000000000000003848116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f36668cb176ea522021-12-22 11:46:30.946root 11241100x80000000000000003848117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829f2b1865b8c0e02021-12-22 11:46:30.946root 11241100x80000000000000003848118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9515e3c949879332021-12-22 11:46:30.947root 154100x80000000000000003848119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.266{ec2b6afe-1017-61c3-10b0-092b5f550000}19057/bin/touch-----touch evil_preload.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003848120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-1017-61c3-10b0-092b5f550000}19057/bin/touch/home/ubuntu/evil_preload.c2021-12-22 11:46:31.267ubuntu 11241100x80000000000000003848121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6abd53a9a899932021-12-22 11:46:31.267root 534500x80000000000000003848122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-1017-61c3-10b0-092b5f550000}19057/bin/touchubuntu 11241100x80000000000000003848123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578b6f8240f684ca2021-12-22 11:46:31.267root 11241100x80000000000000003848124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8923466f8ecfb8902021-12-22 11:46:31.267root 11241100x80000000000000003848125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc2c183c72dc7592021-12-22 11:46:31.267root 11241100x80000000000000003848126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.267{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea9cda71f980d7d2021-12-22 11:46:31.267root 11241100x80000000000000003848127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62c62724558eccf2021-12-22 11:46:31.268root 11241100x80000000000000003848128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442cbd1995f577652021-12-22 11:46:31.268root 11241100x80000000000000003848129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c39e2c62d3149a92021-12-22 11:46:31.268root 11241100x80000000000000003848130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ef8daaaa43d2712021-12-22 11:46:31.268root 11241100x80000000000000003848131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7607a4901579049e2021-12-22 11:46:31.268root 11241100x80000000000000003848132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc570f527ca13202021-12-22 11:46:31.268root 11241100x80000000000000003848133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878eceb9144c36b92021-12-22 11:46:31.268root 11241100x80000000000000003848134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95b25aba12aa2d42021-12-22 11:46:31.268root 11241100x80000000000000003848135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae204a9593215d62021-12-22 11:46:31.268root 11241100x80000000000000003848136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631d2627d733bd4f2021-12-22 11:46:31.268root 11241100x80000000000000003848137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b041a1844d09712021-12-22 11:46:31.268root 11241100x80000000000000003848138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.268{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edd23eafbacb40d2021-12-22 11:46:31.268root 11241100x80000000000000003848139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67877f6774fe8fbb2021-12-22 11:46:31.269root 11241100x80000000000000003848140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88bdf1ed916d0322021-12-22 11:46:31.269root 11241100x80000000000000003848141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2bbb2d0935adc32021-12-22 11:46:31.269root 11241100x80000000000000003848142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae82898404272462021-12-22 11:46:31.269root 11241100x80000000000000003848143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ec02ab3983cbb72021-12-22 11:46:31.269root 11241100x80000000000000003848144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8127fdb721b2b81f2021-12-22 11:46:31.269root 11241100x80000000000000003848145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a261c3a0d039db82021-12-22 11:46:31.269root 11241100x80000000000000003848146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b580aa3b539d5d2021-12-22 11:46:31.269root 11241100x80000000000000003848147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddec21ce79fbeec2021-12-22 11:46:31.269root 11241100x80000000000000003848148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330d2d59d18c63c32021-12-22 11:46:31.269root 11241100x80000000000000003848149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.269{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a1de15819859762021-12-22 11:46:31.269root 11241100x80000000000000003848150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a49500466d1f682021-12-22 11:46:31.270root 11241100x80000000000000003848151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4171fbe5cd6cc4f12021-12-22 11:46:31.270root 11241100x80000000000000003848152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d87eac0fefe784b2021-12-22 11:46:31.270root 11241100x80000000000000003848153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b41757ae822612021-12-22 11:46:31.270root 11241100x80000000000000003848154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f4bb59e5ad78bf2021-12-22 11:46:31.270root 11241100x80000000000000003848155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6393ed8ffdeba17d2021-12-22 11:46:31.270root 11241100x80000000000000003848156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.270{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e7f48ff6b4a8452021-12-22 11:46:31.270root 11241100x80000000000000003848157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b413349a68628aa2021-12-22 11:46:31.271root 11241100x80000000000000003848158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bb95e77796f4342021-12-22 11:46:31.271root 11241100x80000000000000003848159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef42f833470e582021-12-22 11:46:31.271root 11241100x80000000000000003848160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9ce102de8c36512021-12-22 11:46:31.271root 11241100x80000000000000003848161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bb43c643762f212021-12-22 11:46:31.271root 11241100x80000000000000003848162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842914612243ac5a2021-12-22 11:46:31.271root 11241100x80000000000000003848163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab278e0195720dc2021-12-22 11:46:31.271root 11241100x80000000000000003848164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2e004f6af9a66d2021-12-22 11:46:31.271root 11241100x80000000000000003848165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f9f9a520cfa1b82021-12-22 11:46:31.271root 11241100x80000000000000003848166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9102e55e5234d12021-12-22 11:46:31.271root 11241100x80000000000000003848167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46fa39401bdc0422021-12-22 11:46:31.271root 11241100x80000000000000003848168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.271{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6305a71b5dd3ca582021-12-22 11:46:31.271root 11241100x80000000000000003848169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735833e6379107d82021-12-22 11:46:31.272root 11241100x80000000000000003848170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2e41b5578600342021-12-22 11:46:31.272root 11241100x80000000000000003848171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0742af625d32d2322021-12-22 11:46:31.272root 11241100x80000000000000003848172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a119532f70386bd82021-12-22 11:46:31.272root 11241100x80000000000000003848173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7c2f5f259a5f412021-12-22 11:46:31.272root 11241100x80000000000000003848174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12091c473e59f1232021-12-22 11:46:31.272root 11241100x80000000000000003848175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb3da603ce4d9772021-12-22 11:46:31.272root 11241100x80000000000000003848176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea447106cc662172021-12-22 11:46:31.272root 11241100x80000000000000003848177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fccbcd598edc922021-12-22 11:46:31.272root 11241100x80000000000000003848178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035f73c9c196e0ea2021-12-22 11:46:31.272root 11241100x80000000000000003848179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.272{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ece928dc05da5d72021-12-22 11:46:31.272root 11241100x80000000000000003848180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5096cd2f7d24dc92021-12-22 11:46:31.273root 11241100x80000000000000003848181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1587230ef8d708da2021-12-22 11:46:31.273root 11241100x80000000000000003848182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5439913c21566f32021-12-22 11:46:31.273root 11241100x80000000000000003848183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c1defde30ae3ad2021-12-22 11:46:31.273root 11241100x80000000000000003848184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3ac9a206481d8d2021-12-22 11:46:31.273root 11241100x80000000000000003848185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a44348a40d70872021-12-22 11:46:31.273root 11241100x80000000000000003848186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f9d67a86595d5a2021-12-22 11:46:31.273root 11241100x80000000000000003848187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c6765708f691312021-12-22 11:46:31.273root 11241100x80000000000000003848188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2305ba22770740012021-12-22 11:46:31.273root 11241100x80000000000000003848189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.273{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e40ea2892e77542021-12-22 11:46:31.273root 11241100x80000000000000003848190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922b6b7f54d1f2182021-12-22 11:46:31.274root 11241100x80000000000000003848191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d655ba872ca48222021-12-22 11:46:31.274root 11241100x80000000000000003848192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a80217dd57116e62021-12-22 11:46:31.274root 11241100x80000000000000003848193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc0b1ff8dcff26f2021-12-22 11:46:31.274root 11241100x80000000000000003848194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc83fac274933252021-12-22 11:46:31.274root 11241100x80000000000000003848195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0600ec26f8504dcc2021-12-22 11:46:31.274root 11241100x80000000000000003848196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.274{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380a14a9014b56e92021-12-22 11:46:31.274root 11241100x80000000000000003848197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673880280ad3ef1a2021-12-22 11:46:31.275root 11241100x80000000000000003848198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486a4e15d876f2692021-12-22 11:46:31.275root 11241100x80000000000000003848199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52b4a131300c08f2021-12-22 11:46:31.275root 11241100x80000000000000003848200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3670add28c74d72021-12-22 11:46:31.275root 11241100x80000000000000003848201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ce3319293e99f22021-12-22 11:46:31.275root 11241100x80000000000000003848202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c373fde0d9961552021-12-22 11:46:31.275root 11241100x80000000000000003848203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d21279a5b00076e2021-12-22 11:46:31.275root 11241100x80000000000000003848204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065670754bf38c562021-12-22 11:46:31.275root 11241100x80000000000000003848205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c0ec1e59c2c6952021-12-22 11:46:31.275root 11241100x80000000000000003848206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.275{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b58cc65cfd104d2021-12-22 11:46:31.275root 11241100x80000000000000003848207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726d1fcc0904c5992021-12-22 11:46:31.276root 11241100x80000000000000003848208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecba1cebff153d8c2021-12-22 11:46:31.276root 11241100x80000000000000003848209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda9c0a4b7c32f6c2021-12-22 11:46:31.276root 11241100x80000000000000003848210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96707b8fe68d227d2021-12-22 11:46:31.276root 11241100x80000000000000003848211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86a03c27127ae3a2021-12-22 11:46:31.276root 11241100x80000000000000003848212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114263d3419c36002021-12-22 11:46:31.276root 11241100x80000000000000003848213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.076d464668df5bd92021-12-22 11:46:31.276root 11241100x80000000000000003848214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d591cea37010cc62021-12-22 11:46:31.276root 11241100x80000000000000003848215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3e38292003c2ee2021-12-22 11:46:31.276root 11241100x80000000000000003848216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.276{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ee5e6b1dd131a2021-12-22 11:46:31.276root 11241100x80000000000000003848217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252777526f8bea5e2021-12-22 11:46:31.277root 11241100x80000000000000003848218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e37fc5ce0bedd52021-12-22 11:46:31.277root 11241100x80000000000000003848219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c03afaad56555152021-12-22 11:46:31.277root 11241100x80000000000000003848220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2f53522b4e10dd2021-12-22 11:46:31.277root 11241100x80000000000000003848221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee710580428f3b32021-12-22 11:46:31.277root 11241100x80000000000000003848222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8acc1af535bf782021-12-22 11:46:31.277root 11241100x80000000000000003848223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0122bb47f77bd46e2021-12-22 11:46:31.277root 11241100x80000000000000003848224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.277{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea52d31a8ff2d652021-12-22 11:46:31.277root 11241100x80000000000000003848225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5525358906442df2021-12-22 11:46:31.278root 11241100x80000000000000003848226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae906bcf8d2e50b2021-12-22 11:46:31.278root 11241100x80000000000000003848227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4101226544a77c2c2021-12-22 11:46:31.278root 11241100x80000000000000003848228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270aa6c14e34a7292021-12-22 11:46:31.278root 11241100x80000000000000003848229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4caaa65cbe9d682021-12-22 11:46:31.278root 11241100x80000000000000003848230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01624594141598a42021-12-22 11:46:31.278root 11241100x80000000000000003848231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90d0de5c20529db2021-12-22 11:46:31.278root 11241100x80000000000000003848232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f23cce1fe4289e2021-12-22 11:46:31.278root 11241100x80000000000000003848233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85a613b56aa28df2021-12-22 11:46:31.278root 11241100x80000000000000003848234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.278{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3e9aa89835c3c62021-12-22 11:46:31.278root 11241100x80000000000000003848235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb60a05be081ecc02021-12-22 11:46:31.279root 11241100x80000000000000003848236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c903e49c8397212021-12-22 11:46:31.279root 11241100x80000000000000003848237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ce0602a60f06c22021-12-22 11:46:31.279root 11241100x80000000000000003848238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b057b661be9d6032021-12-22 11:46:31.279root 11241100x80000000000000003848239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88363202505f9ed52021-12-22 11:46:31.279root 11241100x80000000000000003848240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7bc3487c0c51b22021-12-22 11:46:31.279root 11241100x80000000000000003848241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f7e6a1777c6ee22021-12-22 11:46:31.279root 11241100x80000000000000003848242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55469790167e7b7d2021-12-22 11:46:31.279root 11241100x80000000000000003848243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.279{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa048b469a3a79312021-12-22 11:46:31.279root 11241100x80000000000000003848244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9743eb89417920682021-12-22 11:46:31.280root 11241100x80000000000000003848245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0ef1cc0eec94102021-12-22 11:46:31.280root 11241100x80000000000000003848246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba21c4bb8b33f9182021-12-22 11:46:31.280root 11241100x80000000000000003848247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5d8e8b60ef7fc92021-12-22 11:46:31.280root 11241100x80000000000000003848248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f462d6987ab731a2021-12-22 11:46:31.280root 11241100x80000000000000003848249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa3616568d9bc82021-12-22 11:46:31.280root 11241100x80000000000000003848250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52257d82291623a12021-12-22 11:46:31.280root 11241100x80000000000000003848251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3021c7540da75a2021-12-22 11:46:31.280root 11241100x80000000000000003848252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ce82ec7511bbaa2021-12-22 11:46:31.280root 11241100x80000000000000003848253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2b2349fe5857ed2021-12-22 11:46:31.280root 11241100x80000000000000003848254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ae5151dc138af52021-12-22 11:46:31.280root 11241100x80000000000000003848255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2752032c8309b22021-12-22 11:46:31.280root 11241100x80000000000000003848256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.280{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797ab22abccf158d2021-12-22 11:46:31.280root 11241100x80000000000000003848257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520a69c8e2d362a82021-12-22 11:46:31.281root 11241100x80000000000000003848258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4a031be98b91252021-12-22 11:46:31.281root 11241100x80000000000000003848259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7ce2067decb6e62021-12-22 11:46:31.281root 11241100x80000000000000003848260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb755d465ddbf1c2021-12-22 11:46:31.281root 11241100x80000000000000003848261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcefa830412691502021-12-22 11:46:31.281root 11241100x80000000000000003848262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d3e6ff720188772021-12-22 11:46:31.281root 11241100x80000000000000003848263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1127071cc2fc5c7f2021-12-22 11:46:31.281root 11241100x80000000000000003848264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d18dc906a65b1c02021-12-22 11:46:31.281root 11241100x80000000000000003848265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae9947487a1fa0b2021-12-22 11:46:31.281root 11241100x80000000000000003848266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1490e73704ed7e2021-12-22 11:46:31.281root 11241100x80000000000000003848267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212c873cdd343e802021-12-22 11:46:31.281root 11241100x80000000000000003848268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666b929801962bea2021-12-22 11:46:31.281root 11241100x80000000000000003848269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa274b82767ad6072021-12-22 11:46:31.281root 11241100x80000000000000003848270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d1089de06b8c602021-12-22 11:46:31.281root 11241100x80000000000000003848271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886ea4ec37f76a632021-12-22 11:46:31.281root 11241100x80000000000000003848272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27cea77a23b6ce72021-12-22 11:46:31.281root 11241100x80000000000000003848273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.281{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec74e1ecd0521442021-12-22 11:46:31.281root 11241100x80000000000000003848274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253623aa1cfc028e2021-12-22 11:46:31.282root 11241100x80000000000000003848275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.282{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa6b47bae01fd3a2021-12-22 11:46:31.282root 11241100x80000000000000003848276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a492b996b614bb982021-12-22 11:46:31.693root 11241100x80000000000000003848277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5185efcb5b16d8322021-12-22 11:46:31.694root 11241100x80000000000000003848278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2427f3a2beb96bb52021-12-22 11:46:31.694root 11241100x80000000000000003848279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c0ee79e8f9f7d52021-12-22 11:46:31.694root 11241100x80000000000000003848280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10243a43a4548882021-12-22 11:46:31.694root 11241100x80000000000000003848281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5ef1cb58f548f62021-12-22 11:46:31.694root 11241100x80000000000000003848282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95c122406df84742021-12-22 11:46:31.694root 11241100x80000000000000003848283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1307ea81f24b00672021-12-22 11:46:31.694root 11241100x80000000000000003848284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97511eb372a045f92021-12-22 11:46:31.694root 11241100x80000000000000003848285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5cefb43f8dcc6942021-12-22 11:46:31.694root 11241100x80000000000000003848286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d248881afa5ea4a2021-12-22 11:46:31.694root 11241100x80000000000000003848287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce28f3996852ca2021-12-22 11:46:31.695root 11241100x80000000000000003848288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2cd6c1bbfc2fc62021-12-22 11:46:31.695root 11241100x80000000000000003848289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772098ea173cf9142021-12-22 11:46:31.695root 11241100x80000000000000003848290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aa11340ddb43502021-12-22 11:46:31.695root 11241100x80000000000000003848291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee53b2aac82bb5e2021-12-22 11:46:31.695root 11241100x80000000000000003848292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc49631cf67b3ade2021-12-22 11:46:31.695root 11241100x80000000000000003848293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6b4c6dbaa634cd2021-12-22 11:46:31.695root 11241100x80000000000000003848294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b716b95d7d1560e2021-12-22 11:46:31.695root 11241100x80000000000000003848295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c87702738ca09f42021-12-22 11:46:31.695root 11241100x80000000000000003848296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f011e9052c219222021-12-22 11:46:31.696root 11241100x80000000000000003848297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6ecf11b5ce3f092021-12-22 11:46:31.696root 11241100x80000000000000003848298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b784f03b27536e2021-12-22 11:46:31.696root 11241100x80000000000000003848299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e0438466350392021-12-22 11:46:31.696root 11241100x80000000000000003848300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672435ce00b0d2d42021-12-22 11:46:31.696root 11241100x80000000000000003848301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801fb8d188d294f52021-12-22 11:46:31.696root 11241100x80000000000000003848302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b4801ac30406612021-12-22 11:46:31.696root 11241100x80000000000000003848303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c3bb04a9a373ef2021-12-22 11:46:31.696root 11241100x80000000000000003848304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c826281f284f392021-12-22 11:46:31.696root 11241100x80000000000000003848305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc96719f0179dfd2021-12-22 11:46:31.696root 11241100x80000000000000003848306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e8f2c5e0a67f652021-12-22 11:46:31.697root 11241100x80000000000000003848307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4362b839d49d5a362021-12-22 11:46:31.697root 11241100x80000000000000003848308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac10303ae8fa6602021-12-22 11:46:31.697root 11241100x80000000000000003848309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b8b2d0e30477622021-12-22 11:46:31.697root 11241100x80000000000000003848310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:31.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbbc94c9823aca92021-12-22 11:46:31.697root 11241100x80000000000000003848311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d983e07ba431e5822021-12-22 11:46:32.193root 11241100x80000000000000003848312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dc9786562ba8e22021-12-22 11:46:32.193root 11241100x80000000000000003848313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbcfdf395f97b882021-12-22 11:46:32.193root 11241100x80000000000000003848314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f323fce562e253bd2021-12-22 11:46:32.193root 11241100x80000000000000003848315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27d8ac986da2ea62021-12-22 11:46:32.193root 11241100x80000000000000003848316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f591398f04f95ec12021-12-22 11:46:32.193root 11241100x80000000000000003848317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb8ddd67f17c77b2021-12-22 11:46:32.194root 11241100x80000000000000003848318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6c8833b3437f812021-12-22 11:46:32.194root 11241100x80000000000000003848319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee15f1a2b2f89fba2021-12-22 11:46:32.194root 11241100x80000000000000003848320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7646c7195ec50282021-12-22 11:46:32.194root 11241100x80000000000000003848321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acda989a8a31a4362021-12-22 11:46:32.194root 11241100x80000000000000003848322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493a3d28d33b01b62021-12-22 11:46:32.194root 11241100x80000000000000003848323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bbe98f66c26e282021-12-22 11:46:32.194root 11241100x80000000000000003848324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186ab1b8a84d606c2021-12-22 11:46:32.194root 11241100x80000000000000003848325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbf772d92a4013c2021-12-22 11:46:32.194root 11241100x80000000000000003848326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d352fa0b22e2df2021-12-22 11:46:32.195root 11241100x80000000000000003848327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6efe3a05e5c09c2021-12-22 11:46:32.195root 11241100x80000000000000003848328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a777384d7181ace2021-12-22 11:46:32.195root 11241100x80000000000000003848329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca6026f9e88d3a62021-12-22 11:46:32.195root 11241100x80000000000000003848330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a36ad1288dfd3b2021-12-22 11:46:32.195root 11241100x80000000000000003848331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbb36d9c5e8a65e2021-12-22 11:46:32.195root 11241100x80000000000000003848332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00a08c6dce433492021-12-22 11:46:32.195root 11241100x80000000000000003848333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c346a6b7ae028d32021-12-22 11:46:32.195root 11241100x80000000000000003848334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690c410fb98fea092021-12-22 11:46:32.195root 11241100x80000000000000003848335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6e884210e2e57f2021-12-22 11:46:32.196root 11241100x80000000000000003848336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5478540d31e611a42021-12-22 11:46:32.196root 11241100x80000000000000003848337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3b1f3aa88febef2021-12-22 11:46:32.196root 11241100x80000000000000003848338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add104f3e5e05042021-12-22 11:46:32.196root 11241100x80000000000000003848339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72c8ad21fb936242021-12-22 11:46:32.196root 11241100x80000000000000003848340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86accb30d4ddea6a2021-12-22 11:46:32.196root 11241100x80000000000000003848341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa60f22832f8a9722021-12-22 11:46:32.196root 11241100x80000000000000003848342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a93298d6c94ca232021-12-22 11:46:32.196root 11241100x80000000000000003848343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec599dbebe0846492021-12-22 11:46:32.196root 11241100x80000000000000003848344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091850e3fcdc55132021-12-22 11:46:32.197root 11241100x80000000000000003848345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2addfe5711a6ee2021-12-22 11:46:32.197root 11241100x80000000000000003848346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d26cc48b311d282021-12-22 11:46:32.197root 11241100x80000000000000003848347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60808f67aa2b2c42021-12-22 11:46:32.197root 11241100x80000000000000003848348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b823debba5e7ebd2021-12-22 11:46:32.197root 11241100x80000000000000003848349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abca59a5a12bedbd2021-12-22 11:46:32.197root 11241100x80000000000000003848350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c393f11d1e8d1f2021-12-22 11:46:32.197root 11241100x80000000000000003848351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3ed352028cf7602021-12-22 11:46:32.197root 11241100x80000000000000003848352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634032a29fe5847e2021-12-22 11:46:32.197root 11241100x80000000000000003848353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c84ce6d207a7a32021-12-22 11:46:32.198root 11241100x80000000000000003848354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21300d6ca863b7d02021-12-22 11:46:32.198root 11241100x80000000000000003848355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176efce95660e31d2021-12-22 11:46:32.198root 11241100x80000000000000003848356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0252f2638103ab062021-12-22 11:46:32.198root 11241100x80000000000000003848357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370af4398c8bf2d32021-12-22 11:46:32.693root 11241100x80000000000000003848358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5bbfdc980ada072021-12-22 11:46:32.693root 11241100x80000000000000003848359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5399173552dfec662021-12-22 11:46:32.694root 11241100x80000000000000003848360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befac5e8c533ed3c2021-12-22 11:46:32.694root 11241100x80000000000000003848361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ee1e52ce65ed1b2021-12-22 11:46:32.694root 11241100x80000000000000003848362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbee3a65518b2192021-12-22 11:46:32.694root 11241100x80000000000000003848363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa41bc79492669862021-12-22 11:46:32.694root 11241100x80000000000000003848364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1163b012bd100012021-12-22 11:46:32.694root 11241100x80000000000000003848365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360ed5a8b4f664a52021-12-22 11:46:32.694root 11241100x80000000000000003848366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746d87ffaee284b62021-12-22 11:46:32.694root 11241100x80000000000000003848367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802b4f11669ae86c2021-12-22 11:46:32.694root 11241100x80000000000000003848368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132b6b74834277542021-12-22 11:46:32.694root 11241100x80000000000000003848369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4023c548d5e4f62021-12-22 11:46:32.695root 11241100x80000000000000003848370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1737cc8f255df0992021-12-22 11:46:32.695root 11241100x80000000000000003848371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642628d68c6be1422021-12-22 11:46:32.695root 11241100x80000000000000003848372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26d5a0b11ae493b2021-12-22 11:46:32.695root 11241100x80000000000000003848373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476fc7c0366c42de2021-12-22 11:46:32.695root 11241100x80000000000000003848374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c46a95295106142021-12-22 11:46:32.695root 11241100x80000000000000003848375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416a7cdd78edd37c2021-12-22 11:46:32.695root 11241100x80000000000000003848376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6147d28f50852a642021-12-22 11:46:32.695root 11241100x80000000000000003848377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddacf979e119be02021-12-22 11:46:32.696root 11241100x80000000000000003848378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0a667b2d1d1e132021-12-22 11:46:32.696root 11241100x80000000000000003848379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc80e26276a62e82021-12-22 11:46:32.696root 11241100x80000000000000003848380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6835d81bf8bc1b532021-12-22 11:46:32.696root 11241100x80000000000000003848381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7e0d2117fcabd82021-12-22 11:46:32.696root 11241100x80000000000000003848382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b5d9488390dc172021-12-22 11:46:32.696root 11241100x80000000000000003848383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6341682cf811d152021-12-22 11:46:32.696root 11241100x80000000000000003848384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d8439d99646002021-12-22 11:46:32.696root 11241100x80000000000000003848385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083d96ef6e44bcbc2021-12-22 11:46:32.696root 11241100x80000000000000003848386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98a9ec061f43a2a2021-12-22 11:46:32.697root 11241100x80000000000000003848387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f599f89d22896d52021-12-22 11:46:32.697root 11241100x80000000000000003848388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef108bb1d79417ba2021-12-22 11:46:32.697root 11241100x80000000000000003848389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b747fda7b331946e2021-12-22 11:46:32.697root 11241100x80000000000000003848390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ee4044584fe6d72021-12-22 11:46:32.697root 11241100x80000000000000003848391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e28145fc12998f2021-12-22 11:46:32.697root 11241100x80000000000000003848392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3588a5b6494e655a2021-12-22 11:46:32.697root 11241100x80000000000000003848393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e1ddb42e2bf3d12021-12-22 11:46:32.697root 11241100x80000000000000003848394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4e16d622c5b5192021-12-22 11:46:32.697root 11241100x80000000000000003848395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:32.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a86bc6dcfef7d2021-12-22 11:46:32.697root 11241100x80000000000000003848396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.144{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-22 11:46:33.144root 11241100x80000000000000003848397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d066b799fe73952021-12-22 11:46:33.145root 11241100x80000000000000003848398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e25f8dc55195c9e02021-12-22 11:46:33.145root 11241100x80000000000000003848399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daca94119fde96c2021-12-22 11:46:33.145root 11241100x80000000000000003848400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19ee1523a8b9de82021-12-22 11:46:33.145root 11241100x80000000000000003848401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edced6cd73bb3732021-12-22 11:46:33.146root 11241100x80000000000000003848402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78b1d1633ace35d2021-12-22 11:46:33.146root 11241100x80000000000000003848403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b190a715df67482021-12-22 11:46:33.146root 11241100x80000000000000003848404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc96c814c8133b22021-12-22 11:46:33.146root 11241100x80000000000000003848405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68bd3aaa6e3cd052021-12-22 11:46:33.146root 11241100x80000000000000003848406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641fc4f37dd56db2021-12-22 11:46:33.146root 11241100x80000000000000003848407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75ec5b3e9c1d8362021-12-22 11:46:33.146root 11241100x80000000000000003848408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0425930a4f88196f2021-12-22 11:46:33.147root 11241100x80000000000000003848409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6419dca45ed3e32021-12-22 11:46:33.147root 11241100x80000000000000003848410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4fb667ee6df7552021-12-22 11:46:33.147root 11241100x80000000000000003848411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f68f0336ea651d62021-12-22 11:46:33.147root 11241100x80000000000000003848412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244e180a7eb60c1c2021-12-22 11:46:33.147root 11241100x80000000000000003848413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce40e588d8fa63922021-12-22 11:46:33.147root 11241100x80000000000000003848414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a886fe28b5e0f542021-12-22 11:46:33.147root 11241100x80000000000000003848415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b462ef2eb6d328b32021-12-22 11:46:33.147root 11241100x80000000000000003848416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d7938b0b99bd572021-12-22 11:46:33.148root 11241100x80000000000000003848417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5c6eddda1a0f502021-12-22 11:46:33.148root 11241100x80000000000000003848418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade311a93d527032021-12-22 11:46:33.148root 11241100x80000000000000003848419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b97ad3797a2c9e2021-12-22 11:46:33.149root 11241100x80000000000000003848420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b3422a0b0efc492021-12-22 11:46:33.149root 11241100x80000000000000003848421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e65ccc9eb498c92021-12-22 11:46:33.149root 11241100x80000000000000003848422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd6af546d724ae02021-12-22 11:46:33.149root 11241100x80000000000000003848423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1132322939ffd3e92021-12-22 11:46:33.149root 11241100x80000000000000003848424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad7432e927bc4112021-12-22 11:46:33.149root 11241100x80000000000000003848425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7dc4382945d1132021-12-22 11:46:33.149root 11241100x80000000000000003848426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0625d2014b1ffa392021-12-22 11:46:33.149root 11241100x80000000000000003848427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfbfdc3293568802021-12-22 11:46:33.149root 11241100x80000000000000003848428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9afd5188ec5014e2021-12-22 11:46:33.150root 11241100x80000000000000003848429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a6bc48f2c9b85b2021-12-22 11:46:33.150root 11241100x80000000000000003848430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35df61a2d4ff1242021-12-22 11:46:33.150root 11241100x80000000000000003848431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f5ba380b984ed82021-12-22 11:46:33.150root 11241100x80000000000000003848432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2738448e5e2159e72021-12-22 11:46:33.150root 11241100x80000000000000003848433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03105cb73180a1212021-12-22 11:46:33.150root 11241100x80000000000000003848434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.150{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a304beb10fd1db32021-12-22 11:46:33.150root 11241100x80000000000000003848435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a252261b509b682021-12-22 11:46:33.151root 11241100x80000000000000003848436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb7eb855c31aaf02021-12-22 11:46:33.151root 11241100x80000000000000003848437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a139a077047f7a772021-12-22 11:46:33.151root 11241100x80000000000000003848438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018e6aa3cee0d4cc2021-12-22 11:46:33.151root 11241100x80000000000000003848439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c5f1429c53af8f2021-12-22 11:46:33.151root 11241100x80000000000000003848440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a7523ae13705e82021-12-22 11:46:33.151root 11241100x80000000000000003848441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c957757544740642021-12-22 11:46:33.151root 11241100x80000000000000003848442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4ef5c788c1040d2021-12-22 11:46:33.151root 11241100x80000000000000003848443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.151{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3a43f1f17bf0362021-12-22 11:46:33.151root 11241100x80000000000000003848444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e1fd013c87dccc2021-12-22 11:46:33.444root 11241100x80000000000000003848445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa54c2a8c6a8c9a52021-12-22 11:46:33.444root 11241100x80000000000000003848446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190376a68742796a2021-12-22 11:46:33.445root 11241100x80000000000000003848447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7f43786438cca72021-12-22 11:46:33.445root 11241100x80000000000000003848448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69da11bef86ee9272021-12-22 11:46:33.445root 11241100x80000000000000003848449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4732b8fbc28182fe2021-12-22 11:46:33.445root 11241100x80000000000000003848450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861bb3904767d1602021-12-22 11:46:33.446root 11241100x80000000000000003848451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda41ca7f61a15462021-12-22 11:46:33.446root 11241100x80000000000000003848452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969bfc442e09ed852021-12-22 11:46:33.446root 11241100x80000000000000003848453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a06f40f246323a62021-12-22 11:46:33.446root 11241100x80000000000000003848454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fdd004841eeabd2021-12-22 11:46:33.447root 11241100x80000000000000003848455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36828f7cee8d55112021-12-22 11:46:33.447root 11241100x80000000000000003848456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9bbcf6b85bfc682021-12-22 11:46:33.447root 11241100x80000000000000003848457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a7d5c1de060c2a2021-12-22 11:46:33.447root 11241100x80000000000000003848458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fb50c1c110b1632021-12-22 11:46:33.448root 11241100x80000000000000003848459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fc50f89d4626532021-12-22 11:46:33.448root 11241100x80000000000000003848460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa1cff8bcb1464e2021-12-22 11:46:33.448root 11241100x80000000000000003848461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a6b64d7a9a37ba2021-12-22 11:46:33.448root 11241100x80000000000000003848462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3c664dee34ec722021-12-22 11:46:33.449root 11241100x80000000000000003848463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a96259111ba4fa12021-12-22 11:46:33.449root 11241100x80000000000000003848464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57bbf5978253f02021-12-22 11:46:33.449root 11241100x80000000000000003848465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf72531075f9aa2021-12-22 11:46:33.449root 11241100x80000000000000003848466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55f0294a4633e552021-12-22 11:46:33.449root 11241100x80000000000000003848467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86169f1dab482cf22021-12-22 11:46:33.449root 11241100x80000000000000003848468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb0e4aabb8630ff2021-12-22 11:46:33.450root 11241100x80000000000000003848469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2501e42cb8a8222021-12-22 11:46:33.450root 11241100x80000000000000003848470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb9f895c0166f9a2021-12-22 11:46:33.450root 11241100x80000000000000003848471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5eb9ccf09473262021-12-22 11:46:33.450root 11241100x80000000000000003848472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217b76a98bd5970d2021-12-22 11:46:33.450root 11241100x80000000000000003848473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd4011527b3c1c12021-12-22 11:46:33.450root 11241100x80000000000000003848474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7b248bdb0e86232021-12-22 11:46:33.450root 11241100x80000000000000003848475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e10f612fbbad542021-12-22 11:46:33.450root 11241100x80000000000000003848476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e637a7e0368b032021-12-22 11:46:33.450root 11241100x80000000000000003848477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a94486e20a8e9b2021-12-22 11:46:33.451root 11241100x80000000000000003848478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c98b9b9a5cd9642021-12-22 11:46:33.451root 11241100x80000000000000003848479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45169dbf50dab1202021-12-22 11:46:33.451root 11241100x80000000000000003848480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc4e82e29149e702021-12-22 11:46:33.943root 11241100x80000000000000003848481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245b3dbbf32982262021-12-22 11:46:33.943root 11241100x80000000000000003848482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.337eecf701eb569d2021-12-22 11:46:33.943root 11241100x80000000000000003848483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7412fe245fc93e912021-12-22 11:46:33.943root 11241100x80000000000000003848484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec429b10945387d2021-12-22 11:46:33.944root 11241100x80000000000000003848485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9b1a912c7cc0712021-12-22 11:46:33.944root 11241100x80000000000000003848486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa031c33cf4218ab2021-12-22 11:46:33.944root 11241100x80000000000000003848487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4519ba785750a27d2021-12-22 11:46:33.944root 11241100x80000000000000003848488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d89d81499dff0882021-12-22 11:46:33.944root 11241100x80000000000000003848489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5ebef5a112e11b2021-12-22 11:46:33.944root 11241100x80000000000000003848490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ab61010b1118ca2021-12-22 11:46:33.944root 11241100x80000000000000003848491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677569885654ef6b2021-12-22 11:46:33.944root 11241100x80000000000000003848492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e000a94d53afdca2021-12-22 11:46:33.944root 11241100x80000000000000003848493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14809fd0ec8a6df82021-12-22 11:46:33.944root 11241100x80000000000000003848494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a319ded4951b9662021-12-22 11:46:33.944root 11241100x80000000000000003848495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603d8a55d4ebe6192021-12-22 11:46:33.944root 11241100x80000000000000003848496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962e349d7aea7a672021-12-22 11:46:33.944root 11241100x80000000000000003848497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1830ca08cdde2c6b2021-12-22 11:46:33.944root 11241100x80000000000000003848498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cda92c8a5b288332021-12-22 11:46:33.944root 11241100x80000000000000003848499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5d19af4576129d2021-12-22 11:46:33.944root 11241100x80000000000000003848500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35859ba1960932c92021-12-22 11:46:33.945root 11241100x80000000000000003848501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911035442b7bbb5c2021-12-22 11:46:33.945root 11241100x80000000000000003848502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b5c1c14cb9ae252021-12-22 11:46:33.945root 11241100x80000000000000003848503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498b3cb6731e1a4a2021-12-22 11:46:33.945root 11241100x80000000000000003848504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59597acc289f76af2021-12-22 11:46:33.945root 11241100x80000000000000003848505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91db4d85b1ba65ce2021-12-22 11:46:33.945root 11241100x80000000000000003848506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9084c8bc2de9172021-12-22 11:46:33.945root 11241100x80000000000000003848507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db90caf50b9af3c72021-12-22 11:46:33.945root 11241100x80000000000000003848508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89dda63a91fbed2f2021-12-22 11:46:33.946root 11241100x80000000000000003848509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7514b61f56a010f42021-12-22 11:46:33.946root 11241100x80000000000000003848510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2282d0e8812024e02021-12-22 11:46:33.946root 11241100x80000000000000003848511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c736d31989f212021-12-22 11:46:33.946root 11241100x80000000000000003848512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76839e3cc5e646e2021-12-22 11:46:33.946root 11241100x80000000000000003848513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef1d9c906414cec2021-12-22 11:46:33.946root 11241100x80000000000000003848514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc0288a0d15880b2021-12-22 11:46:33.946root 11241100x80000000000000003848515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e82d42afcc794b62021-12-22 11:46:33.946root 354300x80000000000000003848516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:33.954{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-42500-false10.0.1.12-8089- 11241100x80000000000000003848517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e1332e87afdb3a2021-12-22 11:46:34.443root 11241100x80000000000000003848518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cefc5107272a8292021-12-22 11:46:34.443root 11241100x80000000000000003848519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb736669f8006de22021-12-22 11:46:34.443root 11241100x80000000000000003848520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f3155401f3df0b2021-12-22 11:46:34.443root 11241100x80000000000000003848521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63113b9c729efe22021-12-22 11:46:34.444root 11241100x80000000000000003848522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc2a41afae3493e2021-12-22 11:46:34.444root 11241100x80000000000000003848523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937e68788eb604202021-12-22 11:46:34.444root 11241100x80000000000000003848524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994b27834e37bd822021-12-22 11:46:34.444root 11241100x80000000000000003848525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5365102bd4295b462021-12-22 11:46:34.444root 11241100x80000000000000003848526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1096c44e2a1d233b2021-12-22 11:46:34.444root 11241100x80000000000000003848527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8af8c236e08c6e2021-12-22 11:46:34.444root 11241100x80000000000000003848528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65439845aa9434652021-12-22 11:46:34.444root 11241100x80000000000000003848529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfaf7938808db132021-12-22 11:46:34.444root 11241100x80000000000000003848530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a6fa17f4c370de2021-12-22 11:46:34.444root 11241100x80000000000000003848531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81cd95329c088f42021-12-22 11:46:34.444root 11241100x80000000000000003848532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f225c135581b812021-12-22 11:46:34.444root 11241100x80000000000000003848533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef4fdf8418aed2b2021-12-22 11:46:34.444root 11241100x80000000000000003848534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48282530a015ddd2021-12-22 11:46:34.444root 11241100x80000000000000003848535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d6a06c953902682021-12-22 11:46:34.444root 11241100x80000000000000003848536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abbfd238a74ff9c42021-12-22 11:46:34.444root 11241100x80000000000000003848537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aefe9e6529a06912021-12-22 11:46:34.445root 11241100x80000000000000003848538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f5e4ab7da5b6292021-12-22 11:46:34.445root 11241100x80000000000000003848539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aa516ff62178a02021-12-22 11:46:34.445root 11241100x80000000000000003848540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e397f556ba27ef2021-12-22 11:46:34.445root 11241100x80000000000000003848541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b114861c0f9b53982021-12-22 11:46:34.445root 11241100x80000000000000003848542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882415ef068352f92021-12-22 11:46:34.445root 11241100x80000000000000003848543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c8c27f787d40fc2021-12-22 11:46:34.445root 11241100x80000000000000003848544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4b1d71fd76720362021-12-22 11:46:34.445root 11241100x80000000000000003848545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd34435ec02c270a2021-12-22 11:46:34.445root 11241100x80000000000000003848546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0875ca71dc4f322021-12-22 11:46:34.445root 11241100x80000000000000003848547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7411427afec11a962021-12-22 11:46:34.445root 11241100x80000000000000003848548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0732e717e3df897c2021-12-22 11:46:34.445root 11241100x80000000000000003848549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ae99d7bcda9ffd2021-12-22 11:46:34.445root 11241100x80000000000000003848550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518521cae1d3aaf32021-12-22 11:46:34.445root 11241100x80000000000000003848551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d93b2ec02a7b982021-12-22 11:46:34.445root 11241100x80000000000000003848552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f477336a62cf94042021-12-22 11:46:34.446root 11241100x80000000000000003848553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf7803a51c06b812021-12-22 11:46:34.446root 11241100x80000000000000003848554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f8a2be2741957f2021-12-22 11:46:34.446root 11241100x80000000000000003848555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ef8dc7b19e7be42021-12-22 11:46:34.446root 11241100x80000000000000003848556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fea3c9be74d4012021-12-22 11:46:34.446root 11241100x80000000000000003848557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba10cdd6e18b3482021-12-22 11:46:34.446root 11241100x80000000000000003848558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45036dfe242fa23e2021-12-22 11:46:34.446root 11241100x80000000000000003848559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e248660bea4075da2021-12-22 11:46:34.446root 11241100x80000000000000003848560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45b1cd35493c8b32021-12-22 11:46:34.446root 11241100x80000000000000003848561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6b623fdd5485c22021-12-22 11:46:34.446root 534500x80000000000000003848562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.571{00000000-0000-0000-0000-000000000000}19058<unknown process>ubuntu 534500x80000000000000003848563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.572{00000000-0000-0000-0000-000000000000}19059<unknown process>ubuntu 11241100x80000000000000003848564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.573{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.opOcgu2021-12-22 11:46:34.573ubuntu 23542300x80000000000000003848565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.573{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.opOcgu--- 11241100x80000000000000003848566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dc0b3e6fd1af4b2021-12-22 11:46:34.943root 11241100x80000000000000003848567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0c1bc2587108752021-12-22 11:46:34.943root 11241100x80000000000000003848568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b0c5036999160c2021-12-22 11:46:34.944root 11241100x80000000000000003848569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b41007f19d46d2021-12-22 11:46:34.944root 11241100x80000000000000003848570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08b870bdea1da652021-12-22 11:46:34.944root 11241100x80000000000000003848571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d424e3fa2c248012021-12-22 11:46:34.944root 11241100x80000000000000003848572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e4a5295747a5e12021-12-22 11:46:34.944root 11241100x80000000000000003848573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c930e5d337d09742021-12-22 11:46:34.944root 11241100x80000000000000003848574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71c783a965d7dbc2021-12-22 11:46:34.944root 11241100x80000000000000003848575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2d1f2390061fa52021-12-22 11:46:34.944root 11241100x80000000000000003848576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb48fa738acb492c2021-12-22 11:46:34.944root 11241100x80000000000000003848577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b3640dcb9f9f42021-12-22 11:46:34.944root 11241100x80000000000000003848578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe70800716131152021-12-22 11:46:34.944root 11241100x80000000000000003848579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a1981911aa5e082021-12-22 11:46:34.944root 11241100x80000000000000003848580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2912cd46c34622682021-12-22 11:46:34.945root 11241100x80000000000000003848581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168fbb6a7f1927cb2021-12-22 11:46:34.945root 11241100x80000000000000003848582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76647fc068c7ac2021-12-22 11:46:34.945root 11241100x80000000000000003848583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9693b9d1a54e86a2021-12-22 11:46:34.945root 11241100x80000000000000003848584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86f8609a6b92d452021-12-22 11:46:34.945root 11241100x80000000000000003848585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ec4c555b38f4ad2021-12-22 11:46:34.945root 11241100x80000000000000003848586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19c832f2b83da322021-12-22 11:46:34.945root 11241100x80000000000000003848587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a689dd178a150482021-12-22 11:46:34.945root 11241100x80000000000000003848588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae0b9ef645cdba82021-12-22 11:46:34.945root 11241100x80000000000000003848589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34f6a3c4b9e0cdd2021-12-22 11:46:34.945root 11241100x80000000000000003848590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34350ac2271b690c2021-12-22 11:46:34.945root 11241100x80000000000000003848591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8553303a447d2b2021-12-22 11:46:34.945root 11241100x80000000000000003848592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f4158e2fcab25b2021-12-22 11:46:34.945root 11241100x80000000000000003848593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a9dbeb3f8bce0c2021-12-22 11:46:34.945root 11241100x80000000000000003848594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8088c0abb2266d42021-12-22 11:46:34.945root 11241100x80000000000000003848595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc9a13cdeadc3f72021-12-22 11:46:34.945root 11241100x80000000000000003848596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533116d5f2200f352021-12-22 11:46:34.946root 11241100x80000000000000003848597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc9dc0990f35d752021-12-22 11:46:34.946root 11241100x80000000000000003848598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe79a3ff7bde042021-12-22 11:46:34.946root 11241100x80000000000000003848599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef9b24d6d18cd232021-12-22 11:46:34.947root 11241100x80000000000000003848600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028e9953d5b6b28a2021-12-22 11:46:34.947root 11241100x80000000000000003848601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a30b41aa43e21d2021-12-22 11:46:34.947root 11241100x80000000000000003848602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05054bdad4bdb7e2021-12-22 11:46:34.947root 11241100x80000000000000003848603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391960c46d3033612021-12-22 11:46:34.947root 11241100x80000000000000003848604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8654cb21813980522021-12-22 11:46:34.947root 11241100x80000000000000003848605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76356646124ddbf2021-12-22 11:46:34.947root 11241100x80000000000000003848606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da3c11359a97db72021-12-22 11:46:34.947root 11241100x80000000000000003848607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d848ba023db7b2312021-12-22 11:46:34.948root 11241100x80000000000000003848608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866b1bb920e06a12021-12-22 11:46:34.948root 11241100x80000000000000003848609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d37afb1cd23828b2021-12-22 11:46:34.948root 11241100x80000000000000003848610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcd1915e8f242ed2021-12-22 11:46:34.948root 11241100x80000000000000003848611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa96a6e742ffa84d2021-12-22 11:46:34.948root 11241100x80000000000000003848612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e769b98b5aecc492021-12-22 11:46:34.948root 11241100x80000000000000003848613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8625cc86422786b22021-12-22 11:46:34.948root 11241100x80000000000000003848614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6899bc6c45fcd52021-12-22 11:46:34.949root 11241100x80000000000000003848615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3aaeb3e412c397b2021-12-22 11:46:34.949root 11241100x80000000000000003848616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65dd30714875c8c2021-12-22 11:46:34.949root 11241100x80000000000000003848617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444c1778d02b75882021-12-22 11:46:34.949root 11241100x80000000000000003848618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2816a3dac91e532c2021-12-22 11:46:34.949root 11241100x80000000000000003848619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694118fa9704fe2b2021-12-22 11:46:34.949root 11241100x80000000000000003848620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bee611a61d650e2021-12-22 11:46:34.949root 11241100x80000000000000003848621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a317e34199bf9512021-12-22 11:46:34.950root 11241100x80000000000000003848622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.257a62ec1fc6b9cf2021-12-22 11:46:34.950root 11241100x80000000000000003848623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8a00f30dfa96402021-12-22 11:46:34.950root 11241100x80000000000000003848624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2616fbaef7d0522021-12-22 11:46:34.950root 11241100x80000000000000003848625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cf8bd8bd002f522021-12-22 11:46:34.950root 11241100x80000000000000003848626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4465e8fad69b92021-12-22 11:46:34.950root 11241100x80000000000000003848627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ecb345fad9624e2021-12-22 11:46:34.950root 11241100x80000000000000003848628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37400417c7d9bf662021-12-22 11:46:34.950root 11241100x80000000000000003848629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5665219e249e2662021-12-22 11:46:34.951root 11241100x80000000000000003848630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b48678bafe242f2021-12-22 11:46:34.951root 11241100x80000000000000003848631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de08f0a3cca105f02021-12-22 11:46:34.951root 11241100x80000000000000003848632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d935b59ecb1e58112021-12-22 11:46:34.951root 11241100x80000000000000003848633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ff89acb67cb7a22021-12-22 11:46:34.951root 11241100x80000000000000003848634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13dc9811c794fc22021-12-22 11:46:34.951root 11241100x80000000000000003848635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e0198930b47af82021-12-22 11:46:34.951root 11241100x80000000000000003848636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d56796af47051942021-12-22 11:46:34.951root 354300x80000000000000003848637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.115{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55438-false10.0.1.12-8000- 11241100x80000000000000003848638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939b561975314f412021-12-22 11:46:35.443root 11241100x80000000000000003848639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795a852c7a348b2a2021-12-22 11:46:35.443root 11241100x80000000000000003848640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f87d60a9b2b4cc2021-12-22 11:46:35.443root 11241100x80000000000000003848641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0124b85e7df1e63e2021-12-22 11:46:35.443root 11241100x80000000000000003848642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3370642c93e8cb2021-12-22 11:46:35.444root 11241100x80000000000000003848643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7231405a5afe3fb22021-12-22 11:46:35.444root 11241100x80000000000000003848644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc678a0f262bcc952021-12-22 11:46:35.444root 11241100x80000000000000003848645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb34ffba39a4f4d2021-12-22 11:46:35.444root 11241100x80000000000000003848646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e84af452bd7b712021-12-22 11:46:35.444root 11241100x80000000000000003848647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c74bf51508639b72021-12-22 11:46:35.444root 11241100x80000000000000003848648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b3e7fea5b107f82021-12-22 11:46:35.444root 11241100x80000000000000003848649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895786c12c1538242021-12-22 11:46:35.444root 11241100x80000000000000003848650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c07d4d74084972021-12-22 11:46:35.444root 11241100x80000000000000003848651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fc2a5fbb8ee1592021-12-22 11:46:35.444root 11241100x80000000000000003848652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06a414654dff9dc2021-12-22 11:46:35.444root 11241100x80000000000000003848653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc641ee8643962d2021-12-22 11:46:35.444root 11241100x80000000000000003848654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04c86718ac6d2b42021-12-22 11:46:35.444root 11241100x80000000000000003848655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea79ba92a2b45e142021-12-22 11:46:35.445root 11241100x80000000000000003848656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9ac9153ce43562021-12-22 11:46:35.445root 11241100x80000000000000003848657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c0dedb13f9f0532021-12-22 11:46:35.445root 11241100x80000000000000003848658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738f9ebb4ecfec082021-12-22 11:46:35.445root 11241100x80000000000000003848659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc7afcbec3a34c42021-12-22 11:46:35.445root 11241100x80000000000000003848660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f045957060330d12021-12-22 11:46:35.445root 11241100x80000000000000003848661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cd8589ce5883352021-12-22 11:46:35.446root 11241100x80000000000000003848662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6f1fd01c8f15232021-12-22 11:46:35.446root 11241100x80000000000000003848663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a73c073d859514a2021-12-22 11:46:35.446root 11241100x80000000000000003848664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac50ab800f31d4b52021-12-22 11:46:35.446root 11241100x80000000000000003848665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47899f4908da2282021-12-22 11:46:35.446root 11241100x80000000000000003848666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572711769cd6cbb92021-12-22 11:46:35.446root 11241100x80000000000000003848667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79fa56469e80a172021-12-22 11:46:35.446root 11241100x80000000000000003848668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796fdb8023ed9e9f2021-12-22 11:46:35.447root 11241100x80000000000000003848669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7a43c777a7e1cc2021-12-22 11:46:35.447root 11241100x80000000000000003848670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5098e31e27649c2021-12-22 11:46:35.447root 11241100x80000000000000003848671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f047794e14c0c62021-12-22 11:46:35.448root 11241100x80000000000000003848672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be1aa973b7d10652021-12-22 11:46:35.448root 11241100x80000000000000003848673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.056191140d2574ba2021-12-22 11:46:35.448root 11241100x80000000000000003848674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbe2faa61f3c3772021-12-22 11:46:35.448root 11241100x80000000000000003848675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274ca7325529136c2021-12-22 11:46:35.449root 11241100x80000000000000003848676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d392254f73ac10aa2021-12-22 11:46:35.449root 11241100x80000000000000003848677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503a12bac6ab9a112021-12-22 11:46:35.449root 11241100x80000000000000003848678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e588b681e1136d7e2021-12-22 11:46:35.449root 11241100x80000000000000003848679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c45c575940e67e2021-12-22 11:46:35.449root 11241100x80000000000000003848680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9efe323d4fb2d52021-12-22 11:46:35.449root 11241100x80000000000000003848681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6625efe1e1e49a2021-12-22 11:46:35.449root 11241100x80000000000000003848682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89688820809c21772021-12-22 11:46:35.450root 11241100x80000000000000003848683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde9a1b536eec53d2021-12-22 11:46:35.450root 11241100x80000000000000003848684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f99c6287c96b5d92021-12-22 11:46:35.450root 11241100x80000000000000003848685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd3407f397e98f62021-12-22 11:46:35.450root 11241100x80000000000000003848686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de2f5d350be71772021-12-22 11:46:35.450root 11241100x80000000000000003848687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb424c75a7cff5b82021-12-22 11:46:35.450root 11241100x80000000000000003848688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73acac3128ce6802021-12-22 11:46:35.451root 11241100x80000000000000003848689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa430b445096a472021-12-22 11:46:35.451root 11241100x80000000000000003848690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f8683f2930feb02021-12-22 11:46:35.452root 11241100x80000000000000003848691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3940450b28b74e2c2021-12-22 11:46:35.452root 11241100x80000000000000003848692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c17a5d44656f35a2021-12-22 11:46:35.452root 11241100x80000000000000003848693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e4bc6b31a71d5c2021-12-22 11:46:35.452root 11241100x80000000000000003848694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473b6ad517a9b5762021-12-22 11:46:35.453root 11241100x80000000000000003848695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f50d71933dcfc42021-12-22 11:46:35.453root 11241100x80000000000000003848696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5518825df27fa4282021-12-22 11:46:35.453root 11241100x80000000000000003848697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9cf7327a99b26962021-12-22 11:46:35.454root 11241100x80000000000000003848698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10830a908884f8c2021-12-22 11:46:35.454root 11241100x80000000000000003848699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739f2273cd24cb82021-12-22 11:46:35.454root 11241100x80000000000000003848700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e2c2d150d6f892021-12-22 11:46:35.454root 11241100x80000000000000003848701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33307f73b0474432021-12-22 11:46:35.454root 11241100x80000000000000003848702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c75437450ce3182021-12-22 11:46:35.454root 11241100x80000000000000003848703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661d8d3eddc846012021-12-22 11:46:35.455root 11241100x80000000000000003848704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c65f3725ff47392021-12-22 11:46:35.455root 11241100x80000000000000003848705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39da58cf24555ba32021-12-22 11:46:35.455root 11241100x80000000000000003848706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0375ab4fc882c7c2021-12-22 11:46:35.455root 11241100x80000000000000003848707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a542da228e210d6f2021-12-22 11:46:35.455root 11241100x80000000000000003848708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173de3ffaf9aea7e2021-12-22 11:46:35.456root 11241100x80000000000000003848709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540c302d6c2c4ee22021-12-22 11:46:35.456root 11241100x80000000000000003848710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3319fb7e9d2286662021-12-22 11:46:35.456root 11241100x80000000000000003848711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb7e6fbbe1b240f2021-12-22 11:46:35.456root 11241100x80000000000000003848712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af714a6be07a2842021-12-22 11:46:35.456root 11241100x80000000000000003848713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa4aa8a9830bc802021-12-22 11:46:35.457root 11241100x80000000000000003848714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a330f10b99181d152021-12-22 11:46:35.457root 11241100x80000000000000003848715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a4e55cebabeada2021-12-22 11:46:35.457root 11241100x80000000000000003848716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac28d86c59123adb2021-12-22 11:46:35.457root 11241100x80000000000000003848717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7884ca36c8cad48b2021-12-22 11:46:35.457root 11241100x80000000000000003848718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6316d462abb61f2021-12-22 11:46:35.457root 11241100x80000000000000003848719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5921610f9b49d3d72021-12-22 11:46:35.457root 11241100x80000000000000003848720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa336d3074c2c7c32021-12-22 11:46:35.457root 11241100x80000000000000003848721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee4e8d25ef8f7d2021-12-22 11:46:35.457root 11241100x80000000000000003848722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eedb68cdc50ea752021-12-22 11:46:35.458root 11241100x80000000000000003848723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530a4af004f0e4592021-12-22 11:46:35.458root 11241100x80000000000000003848724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6813c0c6721a8c2021-12-22 11:46:35.458root 11241100x80000000000000003848725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849d26ec4f93d8202021-12-22 11:46:35.458root 11241100x80000000000000003848726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a768d1473dd7b02021-12-22 11:46:35.459root 11241100x80000000000000003848727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855adb74daa6175a2021-12-22 11:46:35.459root 11241100x80000000000000003848728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9d074f4f8ab8532021-12-22 11:46:35.459root 11241100x80000000000000003848729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8727a0df89ae5b722021-12-22 11:46:35.459root 11241100x80000000000000003848730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66dd9d19557835892021-12-22 11:46:35.459root 11241100x80000000000000003848731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f74134443e1178a2021-12-22 11:46:35.459root 11241100x80000000000000003848732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf787affe75a7a972021-12-22 11:46:35.459root 11241100x80000000000000003848733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545801a104761e7c2021-12-22 11:46:35.459root 11241100x80000000000000003848734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f6a4e13a94d3342021-12-22 11:46:35.460root 11241100x80000000000000003848735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3d2e9217ecec892021-12-22 11:46:35.460root 11241100x80000000000000003848736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f1a2e57d9273f22021-12-22 11:46:35.460root 11241100x80000000000000003848737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d44d2a5b8551b552021-12-22 11:46:35.460root 11241100x80000000000000003848738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0315f2232e08b6112021-12-22 11:46:35.460root 11241100x80000000000000003848739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334f1b678222e8ed2021-12-22 11:46:35.460root 11241100x80000000000000003848740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20522ca142103d862021-12-22 11:46:35.460root 11241100x80000000000000003848741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504438e83b3e64a62021-12-22 11:46:35.460root 11241100x80000000000000003848742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb38515a38b13e682021-12-22 11:46:35.460root 11241100x80000000000000003848743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2c9763efe2a18b2021-12-22 11:46:35.460root 11241100x80000000000000003848744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac43d79bd784e06c2021-12-22 11:46:35.460root 11241100x80000000000000003848745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85592d5bde2183f52021-12-22 11:46:35.461root 11241100x80000000000000003848746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdf40b2b561831c2021-12-22 11:46:35.461root 11241100x80000000000000003848747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8ed73aa7a635102021-12-22 11:46:35.461root 11241100x80000000000000003848748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833583b839b50b412021-12-22 11:46:35.461root 11241100x80000000000000003848749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a01f466deac55d2021-12-22 11:46:35.461root 11241100x80000000000000003848750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cde4f6c19ff5362021-12-22 11:46:35.461root 11241100x80000000000000003848751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee385f8a12287012021-12-22 11:46:35.461root 11241100x80000000000000003848752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5d1fc776fed04f2021-12-22 11:46:35.461root 11241100x80000000000000003848753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558327d6d4cae5112021-12-22 11:46:35.461root 11241100x80000000000000003848754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d8efcfd2ea0f672021-12-22 11:46:35.461root 11241100x80000000000000003848755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c0c55cafda1e1c2021-12-22 11:46:35.461root 11241100x80000000000000003848756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a246691c16319812021-12-22 11:46:35.461root 11241100x80000000000000003848757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59e4ef06a2c729a2021-12-22 11:46:35.462root 11241100x80000000000000003848758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5c355872db6a4d2021-12-22 11:46:35.462root 11241100x80000000000000003848759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9daf0a5c7c7a67ed2021-12-22 11:46:35.462root 11241100x80000000000000003848760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc6f9f3b02ef4e42021-12-22 11:46:35.462root 11241100x80000000000000003848761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9372242b798391e02021-12-22 11:46:35.462root 11241100x80000000000000003848762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffd2861cee6dafe2021-12-22 11:46:35.463root 11241100x80000000000000003848763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2382e4e611c78a752021-12-22 11:46:35.463root 11241100x80000000000000003848764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c36fd3b4c6a1f5852021-12-22 11:46:35.463root 11241100x80000000000000003848765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b64ac3ab3febf32021-12-22 11:46:35.463root 11241100x80000000000000003848766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94ff1ba2f406cde2021-12-22 11:46:35.463root 11241100x80000000000000003848767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf00c7f9d119ac302021-12-22 11:46:35.463root 11241100x80000000000000003848768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e5033f931793ad2021-12-22 11:46:35.463root 11241100x80000000000000003848769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924ab2838f1587182021-12-22 11:46:35.463root 11241100x80000000000000003848770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe96af1eff1c8792021-12-22 11:46:35.463root 11241100x80000000000000003848771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541d733689f2bec62021-12-22 11:46:35.464root 11241100x80000000000000003848772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd9d142eedd91ab2021-12-22 11:46:35.464root 11241100x80000000000000003848773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b336a230ed45bfee2021-12-22 11:46:35.464root 11241100x80000000000000003848774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a389f66cb6f36f2021-12-22 11:46:35.464root 11241100x80000000000000003848775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23f649428988cf12021-12-22 11:46:35.464root 11241100x80000000000000003848776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192cdb5f8e21f5c62021-12-22 11:46:35.464root 11241100x80000000000000003848777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2151a8f3967aee42021-12-22 11:46:35.464root 11241100x80000000000000003848778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d471dd8f463da82021-12-22 11:46:35.464root 11241100x80000000000000003848779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81271deae991b9692021-12-22 11:46:35.465root 11241100x80000000000000003848780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49642e949bc5892f2021-12-22 11:46:35.465root 11241100x80000000000000003848781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d084302983ea9682021-12-22 11:46:35.465root 11241100x80000000000000003848782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6adf94545b04062021-12-22 11:46:35.465root 11241100x80000000000000003848783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a653af42e2e6f92021-12-22 11:46:35.465root 11241100x80000000000000003848784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca307b8f140b85c2021-12-22 11:46:35.465root 11241100x80000000000000003848785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79882f5e4f2c30e72021-12-22 11:46:35.465root 11241100x80000000000000003848786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c4592d8671fd6b2021-12-22 11:46:35.465root 11241100x80000000000000003848787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da028075a5177bbd2021-12-22 11:46:35.465root 11241100x80000000000000003848788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182ea9fd155076d12021-12-22 11:46:35.466root 11241100x80000000000000003848789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fddff56e6215692021-12-22 11:46:35.466root 11241100x80000000000000003848790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1847ce712742d8f2021-12-22 11:46:35.466root 11241100x80000000000000003848791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb328f947abc75ef2021-12-22 11:46:35.466root 11241100x80000000000000003848792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc550985aa0827c52021-12-22 11:46:35.466root 11241100x80000000000000003848793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf7ad9067f88d3c2021-12-22 11:46:35.466root 11241100x80000000000000003848794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f345609a2955793b2021-12-22 11:46:35.466root 11241100x80000000000000003848795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9882e2062114da22021-12-22 11:46:35.466root 11241100x80000000000000003848796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3c24cf1e942eb52021-12-22 11:46:35.467root 11241100x80000000000000003848797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722543d6adc68cc82021-12-22 11:46:35.467root 11241100x80000000000000003848798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1819f25a905362021-12-22 11:46:35.467root 11241100x80000000000000003848799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f06a1239459b992021-12-22 11:46:35.467root 11241100x80000000000000003848800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c5d37c5e9c63862021-12-22 11:46:35.467root 11241100x80000000000000003848801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72248c38252c9712021-12-22 11:46:35.467root 11241100x80000000000000003848802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc182a1623fc691c2021-12-22 11:46:35.467root 11241100x80000000000000003848803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2413744cb7f4ec2021-12-22 11:46:35.468root 11241100x80000000000000003848804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a978095eb958acd2021-12-22 11:46:35.468root 11241100x80000000000000003848805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfae700861973122021-12-22 11:46:35.468root 11241100x80000000000000003848806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae8b325de50cc7d2021-12-22 11:46:35.468root 11241100x80000000000000003848807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d38b11a14f947b72021-12-22 11:46:35.468root 11241100x80000000000000003848808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c708a4432be08f282021-12-22 11:46:35.468root 11241100x80000000000000003848809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6665340e06a39a6c2021-12-22 11:46:35.468root 11241100x80000000000000003848810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ef9b43c1d662a32021-12-22 11:46:35.469root 11241100x80000000000000003848811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8779683fc14af82021-12-22 11:46:35.469root 11241100x80000000000000003848812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86c0529bfec7b312021-12-22 11:46:35.469root 11241100x80000000000000003848813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d421bbd76b7a9d602021-12-22 11:46:35.469root 11241100x80000000000000003848814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8520d2c4ee240062021-12-22 11:46:35.469root 11241100x80000000000000003848815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b50a70d2a1cc2b2021-12-22 11:46:35.469root 11241100x80000000000000003848816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede857cb3f77042b2021-12-22 11:46:35.469root 11241100x80000000000000003848817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e6659c722dbcac2021-12-22 11:46:35.469root 11241100x80000000000000003848818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45742bf33abcc3232021-12-22 11:46:35.469root 11241100x80000000000000003848819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ca3d460adf27bd2021-12-22 11:46:35.470root 11241100x80000000000000003848820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ee86aaec3995162021-12-22 11:46:35.470root 11241100x80000000000000003848821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfcc0c4a1cd1ca82021-12-22 11:46:35.470root 11241100x80000000000000003848822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bdb5d8ac3ba5822021-12-22 11:46:35.470root 11241100x80000000000000003848823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3335e4aa70003c942021-12-22 11:46:35.470root 11241100x80000000000000003848824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c79d6bb98469e22021-12-22 11:46:35.470root 11241100x80000000000000003848825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc03859d90b13a4f2021-12-22 11:46:35.470root 11241100x80000000000000003848826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bf5062dc4b09b82021-12-22 11:46:35.471root 11241100x80000000000000003848827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f769704c5be1b4372021-12-22 11:46:35.471root 11241100x80000000000000003848828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3400753ec041d8a2021-12-22 11:46:35.471root 11241100x80000000000000003848829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff9979391ed1c6f2021-12-22 11:46:35.471root 11241100x80000000000000003848830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36df02900d65d4152021-12-22 11:46:35.471root 11241100x80000000000000003848831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef63001f37e9eb82021-12-22 11:46:35.473root 11241100x80000000000000003848832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d6643b081f8ab62021-12-22 11:46:35.473root 11241100x80000000000000003848833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d685752ac5e6802021-12-22 11:46:35.473root 11241100x80000000000000003848834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bf248c0a01835f2021-12-22 11:46:35.473root 11241100x80000000000000003848835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4d791df934024c2021-12-22 11:46:35.473root 11241100x80000000000000003848836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a4f5b4462a228b2021-12-22 11:46:35.474root 11241100x80000000000000003848837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79adfb84acbddb522021-12-22 11:46:35.474root 11241100x80000000000000003848838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb84b2257bc550b2021-12-22 11:46:35.474root 11241100x80000000000000003848839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220d50dca68ac172021-12-22 11:46:35.474root 11241100x80000000000000003848840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3814ad8ee431fc4d2021-12-22 11:46:35.474root 11241100x80000000000000003848841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d255791c0844081e2021-12-22 11:46:35.474root 11241100x80000000000000003848842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14ddca666c7df7c2021-12-22 11:46:35.475root 11241100x80000000000000003848843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbfda1df226c4162021-12-22 11:46:35.475root 11241100x80000000000000003848844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f0bbf5dadbf7a2021-12-22 11:46:35.475root 11241100x80000000000000003848845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e16b7cea82034d2021-12-22 11:46:35.475root 11241100x80000000000000003848846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd6e77cefc5c3ea2021-12-22 11:46:35.475root 11241100x80000000000000003848847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35ce5770073db4d2021-12-22 11:46:35.475root 11241100x80000000000000003848848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577558e2d4e865ce2021-12-22 11:46:35.475root 11241100x80000000000000003848849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5471c66a69946c2021-12-22 11:46:35.475root 11241100x80000000000000003848850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dddf42597c921892021-12-22 11:46:35.475root 11241100x80000000000000003848851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fb5a28816c265e2021-12-22 11:46:35.475root 11241100x80000000000000003848852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374a2e27684947c02021-12-22 11:46:35.476root 11241100x80000000000000003848853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548c86a06dc8935c2021-12-22 11:46:35.476root 11241100x80000000000000003848854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a58abb1915b1652021-12-22 11:46:35.476root 11241100x80000000000000003848855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9bce49ab101bc32021-12-22 11:46:35.476root 11241100x80000000000000003848856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143bd2da4d8464392021-12-22 11:46:35.476root 11241100x80000000000000003848857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff052ff77bb0c4372021-12-22 11:46:35.476root 11241100x80000000000000003848858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0baaaaf18d1f12021-12-22 11:46:35.476root 11241100x80000000000000003848859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf80cd1972348142021-12-22 11:46:35.476root 11241100x80000000000000003848860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.476{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d11cf8dad119242021-12-22 11:46:35.476root 11241100x80000000000000003848861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a446de5710d7cd502021-12-22 11:46:35.477root 11241100x80000000000000003848862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467a90eeffaf059f2021-12-22 11:46:35.477root 11241100x80000000000000003848863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aaf4993a7a0030c2021-12-22 11:46:35.477root 11241100x80000000000000003848864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98a76e08094bece2021-12-22 11:46:35.477root 11241100x80000000000000003848865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07717adb90f1b2a2021-12-22 11:46:35.477root 11241100x80000000000000003848866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f689e206061d883c2021-12-22 11:46:35.477root 11241100x80000000000000003848867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97daf3b68746c9212021-12-22 11:46:35.477root 11241100x80000000000000003848868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedf1c988f484bdf2021-12-22 11:46:35.477root 11241100x80000000000000003848869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c4987dde7244dc2021-12-22 11:46:35.477root 11241100x80000000000000003848870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ecc277780cbad32021-12-22 11:46:35.477root 11241100x80000000000000003848871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d946ee459d05fa62021-12-22 11:46:35.478root 11241100x80000000000000003848872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa28184a18206c472021-12-22 11:46:35.478root 11241100x80000000000000003848873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476c3fc872381f712021-12-22 11:46:35.478root 11241100x80000000000000003848874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1c50c760e109b2021-12-22 11:46:35.478root 11241100x80000000000000003848875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96665ba68c15dac2021-12-22 11:46:35.478root 11241100x80000000000000003848876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70100a98f392e46e2021-12-22 11:46:35.478root 11241100x80000000000000003848877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5f169ccad3c7872021-12-22 11:46:35.478root 11241100x80000000000000003848878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4859fde7ecb8ed932021-12-22 11:46:35.478root 11241100x80000000000000003848879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25b5314088d7bbc2021-12-22 11:46:35.478root 11241100x80000000000000003848880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e360aeeb825d0c582021-12-22 11:46:35.479root 11241100x80000000000000003848881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2aa1c540c2916f2021-12-22 11:46:35.479root 11241100x80000000000000003848882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24b4c54b0cfb33e2021-12-22 11:46:35.479root 11241100x80000000000000003848883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aae38a5007b8a72021-12-22 11:46:35.479root 11241100x80000000000000003848884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c194fd095a0d490f2021-12-22 11:46:35.479root 11241100x80000000000000003848885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104aa0643e5e80582021-12-22 11:46:35.479root 11241100x80000000000000003848886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7614cf947c838b2021-12-22 11:46:35.479root 11241100x80000000000000003848887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6fd19a17d07bf42021-12-22 11:46:35.479root 11241100x80000000000000003848888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ad402167ba2abc2021-12-22 11:46:35.479root 11241100x80000000000000003848889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4382ff83c283ca072021-12-22 11:46:35.480root 11241100x80000000000000003848890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0574d94bf8ace3b2021-12-22 11:46:35.483root 11241100x80000000000000003848891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68de31db95a27622021-12-22 11:46:35.483root 11241100x80000000000000003848892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a8410e868541042021-12-22 11:46:35.484root 11241100x80000000000000003848893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d1c34a39e4b6aa2021-12-22 11:46:35.485root 11241100x80000000000000003848894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bcc7bc7e6a15652021-12-22 11:46:35.485root 11241100x80000000000000003848895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e942b590ae85d392021-12-22 11:46:35.486root 11241100x80000000000000003848896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.487{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8108c17c2d976e832021-12-22 11:46:35.487root 11241100x80000000000000003848897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241f0f787d75134c2021-12-22 11:46:35.488root 11241100x80000000000000003848898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.488{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e450c8b7ff40512021-12-22 11:46:35.488root 11241100x80000000000000003848899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edc992e3f75dd932021-12-22 11:46:35.489root 11241100x80000000000000003848900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbbadeb8de868ff2021-12-22 11:46:35.490root 11241100x80000000000000003848901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beea8e4a3b26640c2021-12-22 11:46:35.490root 534500x80000000000000003848902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.774{00000000-0000-0000-0000-000000000000}19060<unknown process>ubuntu 11241100x80000000000000003848903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593cc3ba3cf845f2021-12-22 11:46:35.775root 11241100x80000000000000003848904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.775{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d572bee72c8cc5132021-12-22 11:46:35.775root 11241100x80000000000000003848905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fdf703914d834192021-12-22 11:46:35.776root 11241100x80000000000000003848906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1ca115eef5434f2021-12-22 11:46:35.776root 11241100x80000000000000003848907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac775cb2146dbc992021-12-22 11:46:35.776root 11241100x80000000000000003848908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855b191fb999770e2021-12-22 11:46:35.776root 11241100x80000000000000003848909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa0cf94644c1d012021-12-22 11:46:35.776root 534500x80000000000000003848910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.776{00000000-0000-0000-0000-000000000000}19061<unknown process>ubuntu 11241100x80000000000000003848911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ae5be3a01f9b802021-12-22 11:46:35.777root 11241100x80000000000000003848912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3471683a6fdb5fc92021-12-22 11:46:35.777root 11241100x80000000000000003848913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a49f23fcbfe62382021-12-22 11:46:35.777root 11241100x80000000000000003848914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61979cb68cf7871d2021-12-22 11:46:35.777root 11241100x80000000000000003848915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9cf6127757305b2021-12-22 11:46:35.777root 11241100x80000000000000003848916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c4d50af33402a42021-12-22 11:46:35.777root 11241100x80000000000000003848917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b910378708d83c2021-12-22 11:46:35.778root 11241100x80000000000000003848918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cda979d28b501a2021-12-22 11:46:35.778root 11241100x80000000000000003848919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66774b645e4518ad2021-12-22 11:46:35.778root 11241100x80000000000000003848920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76226dab4b9c7ace2021-12-22 11:46:35.778root 11241100x80000000000000003848921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.AmAYF92021-12-22 11:46:35.777ubuntu 23542300x80000000000000003848922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.777{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.AmAYF9--- 11241100x80000000000000003848923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.778{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8babd7780c83f42021-12-22 11:46:35.778root 11241100x80000000000000003848924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142fc93c5a044a462021-12-22 11:46:35.779root 11241100x80000000000000003848925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1a8ba68ded2a222021-12-22 11:46:35.779root 11241100x80000000000000003848926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef2a4523bae0bb72021-12-22 11:46:35.779root 11241100x80000000000000003848927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84ce3895edf4772021-12-22 11:46:35.779root 11241100x80000000000000003848928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.779{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de72029ccf48dc7f2021-12-22 11:46:35.779root 11241100x80000000000000003848929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd221445daf053c2021-12-22 11:46:35.780root 11241100x80000000000000003848930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b6ca40b54ff2882021-12-22 11:46:35.780root 11241100x80000000000000003848931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b235bd17372577282021-12-22 11:46:35.780root 11241100x80000000000000003848932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408cacc29554d9c42021-12-22 11:46:35.780root 11241100x80000000000000003848933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.780{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daae913820b1457f2021-12-22 11:46:35.780root 11241100x80000000000000003848934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5458e6c52b24b1012021-12-22 11:46:35.781root 11241100x80000000000000003848935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a2c0dc94c042942021-12-22 11:46:35.781root 11241100x80000000000000003848936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.555e8ebaaa3f25452021-12-22 11:46:35.781root 11241100x80000000000000003848937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.781{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bea3a81061d0dc2021-12-22 11:46:35.781root 11241100x80000000000000003848938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.782{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad40ab77246a9ba2021-12-22 11:46:35.782root 11241100x80000000000000003848939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.782{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0297a92d0e0d6fa82021-12-22 11:46:35.782root 11241100x80000000000000003848940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.782{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b240f9a550632e2021-12-22 11:46:35.782root 11241100x80000000000000003848941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.783{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695589a2f9e851af2021-12-22 11:46:35.783root 11241100x80000000000000003848942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.783{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7ef9e167a609892021-12-22 11:46:35.783root 11241100x80000000000000003848943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.783{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82778a1721652352021-12-22 11:46:35.783root 11241100x80000000000000003848944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.784{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b5ec49075a3a772021-12-22 11:46:35.784root 11241100x80000000000000003848945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.784{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775be2d7d36c428a2021-12-22 11:46:35.784root 11241100x80000000000000003848946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.784{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0457097f48cc7e82021-12-22 11:46:35.784root 11241100x80000000000000003848947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d10b21b3ba26cc92021-12-22 11:46:35.785root 11241100x80000000000000003848948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7755e6d4fcceb612021-12-22 11:46:35.785root 11241100x80000000000000003848949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f15a2bd5b6ae5f2021-12-22 11:46:35.785root 11241100x80000000000000003848950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.785{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2b2bf3b13c8a1a2021-12-22 11:46:35.785root 11241100x80000000000000003848951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b37dd8efc4c0e3e2021-12-22 11:46:35.786root 11241100x80000000000000003848952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffcb5220672843752021-12-22 11:46:35.786root 11241100x80000000000000003848953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c75ae921ee09d62021-12-22 11:46:35.786root 11241100x80000000000000003848954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.786{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e5e0ff6eb513d2021-12-22 11:46:35.786root 11241100x80000000000000003848955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.787{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fffc5381a5815972021-12-22 11:46:35.787root 11241100x80000000000000003848956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.787{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ff4dc4ec6b80a02021-12-22 11:46:35.787root 11241100x80000000000000003848957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.787{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbfddc41c5acfc42021-12-22 11:46:35.787root 11241100x80000000000000003848958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb36b6c4ebfc5b2021-12-22 11:46:35.788root 11241100x80000000000000003848959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8b746ab0ca17432021-12-22 11:46:35.788root 11241100x80000000000000003848960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d003a717657b412021-12-22 11:46:35.788root 11241100x80000000000000003848961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.788{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26233c68b478ba32021-12-22 11:46:35.788root 11241100x80000000000000003848962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.789{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd2d6b36092867e2021-12-22 11:46:35.789root 11241100x80000000000000003848963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.789{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbefa867d99f7ae92021-12-22 11:46:35.789root 11241100x80000000000000003848964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.789{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d39afb3ef5719992021-12-22 11:46:35.789root 11241100x80000000000000003848965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.790{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98fe0b37768329d2021-12-22 11:46:35.790root 11241100x80000000000000003848966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:35.790{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5640ad5c1bfb84d2021-12-22 11:46:35.790root 23542300x80000000000000003848967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.145{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x80000000000000003848968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33bb6032bc72f2f92021-12-22 11:46:36.146root 11241100x80000000000000003848969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760ee9efbaef982e2021-12-22 11:46:36.146root 11241100x80000000000000003848970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149b2bb1b460c8ec2021-12-22 11:46:36.146root 11241100x80000000000000003848971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53d6d8b066fcd742021-12-22 11:46:36.147root 11241100x80000000000000003848972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec99898aa296ec8b2021-12-22 11:46:36.147root 11241100x80000000000000003848973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e9026d1d8234702021-12-22 11:46:36.147root 11241100x80000000000000003848974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4164cdf2d2dff82021-12-22 11:46:36.147root 11241100x80000000000000003848975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669d174ddab11e432021-12-22 11:46:36.147root 11241100x80000000000000003848976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34c3e05ddbe302b2021-12-22 11:46:36.147root 11241100x80000000000000003848977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe343d3e42f10f022021-12-22 11:46:36.148root 11241100x80000000000000003848978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cbace9b155727d2021-12-22 11:46:36.148root 11241100x80000000000000003848979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b24a4abd4484272021-12-22 11:46:36.148root 11241100x80000000000000003848980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132dd3a5bae3974e2021-12-22 11:46:36.148root 11241100x80000000000000003848981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0f355571d98bdf2021-12-22 11:46:36.148root 11241100x80000000000000003848982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ece66fd191f9b2a2021-12-22 11:46:36.148root 11241100x80000000000000003848983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.148{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cac7b123ab247d32021-12-22 11:46:36.148root 11241100x80000000000000003848984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a3fb0da7053d942021-12-22 11:46:36.149root 11241100x80000000000000003848985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927021a0f914b3062021-12-22 11:46:36.149root 11241100x80000000000000003848986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2be7c309fc816602021-12-22 11:46:36.149root 11241100x80000000000000003848987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410309d38cbc14182021-12-22 11:46:36.149root 11241100x80000000000000003848988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ba921c6fefb8702021-12-22 11:46:36.149root 11241100x80000000000000003848989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fabe87d38e865612021-12-22 11:46:36.149root 11241100x80000000000000003848990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:36.149{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c838039e4934e4d2021-12-22 11:46:36.149root 534500x80000000000000003849038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.249{00000000-0000-0000-0000-000000000000}19062<unknown process>ubuntu 534500x80000000000000003849039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.250{ec2b6afe-9233-61c1-c81a-006eee550000}19063-ubuntu 11241100x80000000000000003849040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.251{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash/tmp/sh-thd.8wujQV2021-12-22 11:46:38.251ubuntu 23542300x80000000000000003849041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.251{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702ubuntu/bin/bash/tmp/sh-thd.8wujQV--- 11241100x80000000000000003849042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dbcd011d85866c2021-12-22 11:46:38.692root 11241100x80000000000000003849043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6f8a3945c516d42021-12-22 11:46:38.693root 11241100x80000000000000003849044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0c5330786c8c8c2021-12-22 11:46:38.693root 11241100x80000000000000003849045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aaa50383c47675a2021-12-22 11:46:38.693root 154100x80000000000000003849046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.763{ec2b6afe-101e-61c3-8022-5e884a560000}19064/bin/nano-----nano evil_preload.c/home/ubuntuubuntu{ec2b6afe-ff0e-61c2-e803-000000000000}100033no level-{ec2b6afe-ff0e-61c2-08d4-b39300560000}18702/bin/bash-bashubuntu 11241100x80000000000000003849047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:38.787{ec2b6afe-101e-61c3-8022-5e884a560000}19064/bin/nano/home/ubuntu/.evil_preload.c.swp2021-12-22 11:46:38.787ubuntu 11241100x80000000000000003849048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ee8670a79c9c3e2021-12-22 11:46:39.192root 11241100x80000000000000003849049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e8369f343ac1722021-12-22 11:46:39.193root 11241100x80000000000000003849050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daddc8c59b6534e2021-12-22 11:46:39.193root 11241100x80000000000000003849051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08448f763f93a33c2021-12-22 11:46:39.193root 11241100x80000000000000003849052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8e1dfb878f2d662021-12-22 11:46:39.193root 11241100x80000000000000003849053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d67752156438fc22021-12-22 11:46:39.193root 11241100x80000000000000003849054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421fd8abe9c57db92021-12-22 11:46:39.693root 11241100x80000000000000003849055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e82c648ff8ce722021-12-22 11:46:39.693root 11241100x80000000000000003849056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932e60bc4de1bab22021-12-22 11:46:39.693root 11241100x80000000000000003849057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c743f025cd632fa22021-12-22 11:46:39.693root 11241100x80000000000000003849058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86937644e265b7a2021-12-22 11:46:39.693root 11241100x80000000000000003849059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ffb619b51970e72021-12-22 11:46:39.693root 11241100x80000000000000003849060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47fd022432637fc22021-12-22 11:46:40.193root 11241100x80000000000000003849061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a779986386880e6d2021-12-22 11:46:40.193root 11241100x80000000000000003849062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd363f969c370ed2021-12-22 11:46:40.193root 11241100x80000000000000003849063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d5addad02fd2b62021-12-22 11:46:40.193root 11241100x80000000000000003849064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919f94439b092ff22021-12-22 11:46:40.193root 11241100x80000000000000003849065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716683fe1b36f66e2021-12-22 11:46:40.193root 11241100x80000000000000003849066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6fbf833eaad38f2021-12-22 11:46:40.693root 11241100x80000000000000003849067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f0feeb81128f02021-12-22 11:46:40.693root 11241100x80000000000000003849068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cf8dd48c04c4ee2021-12-22 11:46:40.693root 11241100x80000000000000003849069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3415085ddcb6d2f2021-12-22 11:46:40.693root 11241100x80000000000000003849070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730e3e1d9efc95af2021-12-22 11:46:40.693root 11241100x80000000000000003849071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7b2f1a4ace90b2021-12-22 11:46:40.693root 354300x80000000000000003849072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-55440-false10.0.1.12-8000- 11241100x80000000000000003849073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd4973c6024a6e52021-12-22 11:46:41.101root 11241100x80000000000000003849074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebcfccc4ffae6cf2021-12-22 11:46:41.101root 11241100x80000000000000003849075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4848c92396a7e32021-12-22 11:46:41.101root 11241100x80000000000000003849076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b033602bdb1e74092021-12-22 11:46:41.101root 11241100x80000000000000003849077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5887ffd09aee23082021-12-22 11:46:41.101root 11241100x80000000000000003849078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832ceedc3ba6266c2021-12-22 11:46:41.101root 11241100x80000000000000003849079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.298485e17c33b88e2021-12-22 11:46:41.101root 11241100x80000000000000003849080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81001a956e2e00072021-12-22 11:46:41.443root 11241100x80000000000000003849081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a350980e7438c662021-12-22 11:46:41.443root 11241100x80000000000000003849082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644ec12f20acde0a2021-12-22 11:46:41.444root 11241100x80000000000000003849083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f12b67545ff4ed2021-12-22 11:46:41.444root 11241100x80000000000000003849084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f6e45dc4af0a6c2021-12-22 11:46:41.444root 11241100x80000000000000003849085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7569b6c5263192292021-12-22 11:46:41.445root 11241100x80000000000000003849086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f1de0cb3a6babc2021-12-22 11:46:41.445root 11241100x80000000000000003849087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a652c4a60ca25b192021-12-22 11:46:41.943root 11241100x80000000000000003849088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462bbf73ed58e5f12021-12-22 11:46:41.943root 11241100x80000000000000003849089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc198c39610a1db2021-12-22 11:46:41.943root 11241100x80000000000000003849090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d68cdf9fb754862021-12-22 11:46:41.943root 11241100x80000000000000003849091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831a2527b4460c4b2021-12-22 11:46:41.944root 11241100x80000000000000003849092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368243bf482b66312021-12-22 11:46:41.944root 11241100x80000000000000003849093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcb9fc80bcde3892021-12-22 11:46:41.944root 11241100x80000000000000003849094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f579d6b7be142fc2021-12-22 11:46:42.443root 11241100x80000000000000003849095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df64a0a65502d5c2021-12-22 11:46:42.443root 11241100x80000000000000003849096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f19bdfa4ada8ff2021-12-22 11:46:42.443root 11241100x80000000000000003849097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68650382228aed742021-12-22 11:46:42.443root 11241100x80000000000000003849098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f124dd2cdb976eb2021-12-22 11:46:42.444root 11241100x80000000000000003849099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6d11678104daf72021-12-22 11:46:42.444root 11241100x80000000000000003849100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e984a4a74de477822021-12-22 11:46:42.444root 11241100x80000000000000003849101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592061d72b2077bf2021-12-22 11:46:42.943root 11241100x80000000000000003849102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02607c27e156f9562021-12-22 11:46:42.943root 11241100x80000000000000003849103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef490820506004ca2021-12-22 11:46:42.943root 11241100x80000000000000003849104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d9c2828a044a72021-12-22 11:46:42.943root 11241100x80000000000000003849105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abbdcea30fc2d8a2021-12-22 11:46:42.943root 11241100x80000000000000003849106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d802b7a5e53fc8a12021-12-22 11:46:42.943root 11241100x80000000000000003849107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e748928128f37c92021-12-22 11:46:42.943root 11241100x80000000000000003849108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ab2332f906eda82021-12-22 11:46:43.443root 11241100x80000000000000003849109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74223e09370bb5372021-12-22 11:46:43.443root 11241100x80000000000000003849110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08670a17df1a7d932021-12-22 11:46:43.443root 11241100x80000000000000003849111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d18b10c26559f992021-12-22 11:46:43.443root 11241100x80000000000000003849112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f7431500b121552021-12-22 11:46:43.443root 11241100x80000000000000003849113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f1636da7ea78302021-12-22 11:46:43.443root 11241100x80000000000000003849114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c1402c2976fddc2021-12-22 11:46:43.443root 11241100x80000000000000003849115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c42b18908bc6de2021-12-22 11:46:43.943root 11241100x80000000000000003849116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d1457804513b172021-12-22 11:46:43.943root 11241100x80000000000000003849117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c398c050423d39632021-12-22 11:46:43.943root 11241100x80000000000000003849118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc0fe3ec803db302021-12-22 11:46:43.943root 11241100x80000000000000003849119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f830937b629a9d2021-12-22 11:46:43.943root 11241100x80000000000000003849120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1faadc6fa7de97a2021-12-22 11:46:43.943root 11241100x80000000000000003849121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da99f5d5a1740892021-12-22 11:46:43.943root 11241100x80000000000000003849122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee4ec2218b9aba22021-12-22 11:46:44.443root 11241100x80000000000000003849123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902783ecd877a2772021-12-22 11:46:44.443root 11241100x80000000000000003849124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df66fedf9f978c042021-12-22 11:46:44.443root 11241100x80000000000000003849125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb32eac39ab5e192021-12-22 11:46:44.443root 11241100x80000000000000003849126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3a0769d6a335c82021-12-22 11:46:44.443root 11241100x80000000000000003849127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0ac6413267e4a12021-12-22 11:46:44.443root 11241100x80000000000000003849128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be69476b9ff1584a2021-12-22 11:46:44.443root 11241100x80000000000000003849129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca182eb4ffd0670a2021-12-22 11:46:44.943root 11241100x80000000000000003849130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb3de56b111a95d2021-12-22 11:46:44.943root 11241100x80000000000000003849131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f749683424d0de2021-12-22 11:46:44.943root 11241100x80000000000000003849132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e6d70f5249a4972021-12-22 11:46:44.943root 11241100x80000000000000003849133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6855450d065aee62021-12-22 11:46:44.943root 11241100x80000000000000003849134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd0cb12cda03b662021-12-22 11:46:44.943root 11241100x80000000000000003849135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997f6886780015872021-12-22 11:46:44.943root 11241100x80000000000000003849136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa2a1bcd74817e12021-12-22 11:46:45.443root 11241100x80000000000000003849137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee37f561c2856c82021-12-22 11:46:45.443root 11241100x80000000000000003849138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe4b251d45888c62021-12-22 11:46:45.443root 11241100x80000000000000003849139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b266b27ef883c082021-12-22 11:46:45.443root 11241100x80000000000000003849140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50dda5509a18311c2021-12-22 11:46:45.443root 11241100x80000000000000003849141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b783cc794089c12021-12-22 11:46:45.443root 11241100x80000000000000003849142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b57495a0ae81c42021-12-22 11:46:45.443root 11241100x80000000000000003849143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014db32a6bcd27f62021-12-22 11:46:45.943root 11241100x80000000000000003849144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5165aaa683b09a2021-12-22 11:46:45.943root 11241100x80000000000000003849145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed8a1c726de3f4d2021-12-22 11:46:45.943root 11241100x80000000000000003849146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2518efb930240d2021-12-22 11:46:45.943root 11241100x80000000000000003849147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3aa6d8d181695cf2021-12-22 11:46:45.943root 11241100x80000000000000003849148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acc3388ecbc96242021-12-22 11:46:45.943root 11241100x80000000000000003849149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b0079d7c1794582021-12-22 11:46:45.943root 11241100x80000000000000003849150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67947587504284b72021-12-22 11:46:46.443root 11241100x80000000000000003849151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd541c6ca2b8dca2021-12-22 11:46:46.443root 11241100x80000000000000003849152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f94a9d7ea280a82021-12-22 11:46:46.443root 11241100x80000000000000003849153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-22 11:46:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0bfdeb4fedf2fd32021-12-22 11:46:46.443root